From 51aa0fd15c327c0ef20242b00b02bda169af4744 Mon Sep 17 00:00:00 2001 From: Alex Pickering Date: Sat, 28 Sep 2019 16:06:47 -0400 Subject: Fixed memory corruption bugs Fixed various memory corruption bugs in the parsing step --- src/ctemplates.c | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) (limited to 'src/ctemplates.c')
diff --git a/src/ctemplates.c b/src/ctemplates.c
index 9a3b890..559733f 100644
--- a/src/ctemplates.c
+++ b/src/ctemplates.c
@@ -46,6 +46,7 @@ void print_ast_helper(
 );
 void print_ast(struct TMPL_templates* root);
 struct TMPL_token* TMPL_tokenize(const char* tmplstr, size_t strlen);
+void TMPL_free_tokens(struct TMPL_token *tokens);
 struct TMPL_tagnode* alloc_tagnode(void);
 size_t get_quoted_string(const char* start, size_t len);
 int is_whitespace(char c);
@@ -315,6 +316,14 @@ TMPL_tokenize(const char* tmplstr, size_t m_strlen){
 }
 return first;
 }
+void
+TMPL_free_tokens(struct TMPL_token *tokens){
+ while(tokens != NULL){
+ struct TMPL_token *tmp = tokens;
+ tokens = tokens->next;
+ free(tmp);
+ }
+}
 struct TMPL_tagnode*
 alloc_tagnode(){
@@ -413,7 +422,7 @@ parse_elseif(struct TMPL_token* head, struct TMPL_buf* errbuf){
 start_of_name++;
 start_of_name++;//consume "
 size_t name_length = get_quoted_string(start_of_name,head->length);
- char* name = (char*)malloc(sizeof(char)*name_length);
+ char* name = (char*)malloc(sizeof(char)*(name_length + 1));
 memcpy(name,start_of_name,name_length);
 name[name_length] = '\0';
 t->TMPL_tag.ifelse.varname = name;
@@ -436,7 +445,7 @@ parse_elseif(struct TMPL_token* head, struct TMPL_buf* errbuf){
 start_of_value++;
 start_of_value++;//consume "
 size_t value_length = get_quoted_string(start_of_value,head->length);
- char* value = (char*)malloc(sizeof(char)*value_length);
+ char* value = (char*)malloc(sizeof(char)*(value_length + 1));
 memcpy(value,start_of_value,value_length);
 value[value_length] = '\0';
 t->TMPL_tag.ifelse.testval = value;
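Review bot: TMPL_free_tokens has no comment stating what it owns, and its loop releases only the list nodes themselves. If a token ever carries heap data of its own, that data leaks here; if the token text only refers into the template string (not visible in this diff), the function is complete and should say so. I would add above the definition: `/* Frees every node of the list; token text is not freed (assumed to point into tmplstr). */`.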
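Review bot: In parse_elseif the result of `malloc` is still handed to `memcpy` unchecked, so an allocation failure becomes a write through NULL on the line right after the fix; the same holds for the `value` allocation below it and for both allocations in parse_if. A guard such as `if(name == NULL) return NULL;` directly after the allocation would close that, using whatever failure path these parsers already report through errbuf. Separately, `get_quoted_string(start_of_name,head->length)` receives the full token length although `start_of_name` has already been advanced, so the scan limit may reach past the end of the token if the second argument is a bound on the scan; passing the remaining length would be safer. Both function bodies start and end outside these hunks.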
@@ -499,7 +508,7 @@ parse_if(struct TMPL_token* head, struct TMPL_buf* errbuf){
 start_of_name++;
 start_of_name++;//consume "
 size_t name_length = get_quoted_string(start_of_name,head->length);
- char* name = (char*)malloc(sizeof(char)*name_length);
+ char* name = (char*)malloc(sizeof(char)*(name_length + 1));
 memcpy(name,start_of_name,name_length);
 name[name_length] = '\0';
 t->TMPL_tag.ifelse.varname = name;
@@ -522,7 +531,7 @@ parse_if(struct TMPL_token* head, struct TMPL_buf* errbuf){
 start_of_value++;
 start_of_value++;//consume "
 size_t value_length = get_quoted_string(start_of_value,head->length);
- char* value = (char*)malloc(sizeof(char)*value_length);
+ char* value = (char*)malloc(sizeof(char)*(value_length + 1));
 memcpy(value,start_of_value,value_length);
 value[value_length] = '\0';
 t->TMPL_tag.ifelse.testval = value;
@@ -952,6 +961,7 @@ compile(const char* tmplstr){
 ret->jumping = 0;
 struct TMPL_token* tokens = TMPL_tokenize(tmplstr,slen);
 struct TMPL_tagnode* ast = parse(tokens,ret->errout);
+ TMPL_free_tokens(tokens);
 if(ast == NULL){
 }else{
 ret->roottag = ast;
@@ -1089,6 +1099,7 @@ render_if(struct TMPL_templates* t, struct TMPL_varlist* varlist){
 t->jumping = nt->jumping;
 }else{
 }
+ free(nt);
 advance_cursor(t);
 return 0;
 }
-- 
cgit v1.2.3-70-g09d2
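Review bot: In compile(), `TMPL_free_tokens(tokens)` runs before the AST is stored in `ret->roottag`, which is only safe if no tagnode keeps a pointer to a `struct TMPL_token`. The if/elseif parsers visible in this patch copy their strings, but the other node kinds are outside the diff, so this needs confirming; otherwise rendering would read freed memory. A comment at the call would record the invariant: `/* parse() copies what it needs; the AST holds no token pointers */`. compile's body continues outside the hunk.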
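Review bot: `free(nt)` in render_if releases only the struct itself, and only on this exit path. The hunk shows just `nt->jumping` being read, so whether `nt` owns other allocations cannot be judged from here, and any earlier `return` between allocating `nt` and this line would still leak it; the start of the function is outside the hunk. If the project has a destructor for this type it should be called instead, otherwise note the intent at the call: `free(nt); /* shallow: nt's members are not owned here */`.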