fengqi/lv_micropython
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

py/objdeque: Fix buffer overflow in deque_subscr.

Browse Source 
In `deque_subscr()`, if `index_val` equals `self->alloc`, the index
correction `index_val -= self->alloc` does not execute, leading to an
out-of-bounds access in `self->items[index_val]`.

The fix in this commit ensures that the index correction is applied
whenever `index_val >= self->alloc`, preventing access beyond the allocated
buffer size.

Signed-off-by: Jan Sturm <jansturm92@googlemail.com>
This commit is contained in:
Jan Sturm 2024-10-29 19:26:19 +01:00 committed by Damien George
parent c0afff8f22
commit a7d3bc2308
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
py/objdeque.c
View File

@ -208,7 +208,7 @@ static mp_obj_t deque_subscr(mp_obj_t self_in, mp_obj_t index, mp_obj_t value) {
size_t offset = mp_get_index(self->base.type, deque_len(self), index, false); size_t offset = mp_get_index(self->base.type, deque_len(self), index, false);
size_t index_val = self->i_get + offset; size_t index_val = self->i_get + offset;
if (index_val > self->alloc) { if (index_val >= self->alloc) {
index_val -= self->alloc; index_val -= self->alloc;
} }