pike.git/ src/ builtin.cmod

Branch: Tag:

2016-02-24

2016-02-24 10:04:47 by Henrik Grubbström (Grubba) <grubba@grubba.org>

String.Replace: Fixed multiple NULL-dereferences.

Voidable arguments are set to NULL for UNDEFINED...

Fixes [CID 1353481] and [CID 1353482].

3430:    if (THIS->ctx.v)    free_replace_many_context(&THIS->ctx);    -  switch(args) -  { -  case 0: -  return; -  -  case 1: -  if (TYPEOF(*from_arg) != T_MAPPING) -  Pike_error("Illegal arguments to create().\n"); -  THIS->from = mapping_indices(from_arg->u.mapping); -  THIS->to = mapping_values(from_arg->u.mapping); -  break; -  -  case 2: -  if (TYPEOF(*from_arg) != T_ARRAY) { +  if (to_arg) { +  if (!from_arg || (TYPEOF(*from_arg) != T_ARRAY)) {    SIMPLE_ARG_TYPE_ERROR("replace", 1,    "array(string)|mapping(string:string)");    }
3451:    push_int(from_arg->u.array->size);    stack_swap();    f_allocate(2); +  to_arg = Pike_sp - 1;    }    if (TYPEOF(*to_arg) != T_ARRAY) {    SIMPLE_ARG_TYPE_ERROR("replace", 2, "array(string)|string");
3460:    }    add_ref(THIS->from = from_arg->u.array);    add_ref(THIS->to = to_arg->u.array); +  } else if (from_arg) { +  if (TYPEOF(*from_arg) != T_MAPPING) +  Pike_error("Illegal arguments to create().\n"); +  THIS->from = mapping_indices(from_arg->u.mapping); +  THIS->to = mapping_values(from_arg->u.mapping); +  } else { +  return;    }       if (!THIS->from->size) {