arduino/esp8266
1
0
Fork 0
mirror of https://github.com/esp8266/Arduino.git synced 2025-04-21 10:26:06 +03:00
Code

Fix a crash in String::changeBuffer()

Browse Source 
Calling String::reserve() causes a crash if String object was in invalidated state. Per the comment on the method's declaration in ESP_SSD1306.h, This method was supposed to recover invalidated strings. This change fixes the edge case bug in String::changeBuffer() which is the root cause of the crash exposed from String::reserve().

Following test code was used to reproduce the problem and also to validate the fix:

String result;
while(true){
  char c = 'A';
  result += c; // the loop will cause malloc() to fail at some point.
  if (result.c_str()==0)
  {
    Serial.println("String INVALIDATED!!!!!");
    result.reserve(0);   // before fix, this would crash.
    Serial.println("Trying to empty....");
    result=""; 
    Serial.println("Emptied!!!!");
    break;
  } 
}
This commit is contained in:
raheelh 2016-02-22 22:57:21 -06:00
parent f28c5be479
commit fdf8599aaa
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
cores/esp8266/WString.cpp
View File

@ -156,9 +156,11 @@ unsigned char ICACHE_FLASH_ATTR String::changeBuffer(unsigned int maxStrLen) {
char *newbuffer = (char *) malloc(newSize); char *newbuffer = (char *) malloc(newSize);
if(newbuffer) { if(newbuffer) {
memset(newbuffer, 0, newSize); memset(newbuffer, 0, newSize);
memcpy(newbuffer, buffer, len);
if (buffer) if (buffer)
{
memcpy(newbuffer, buffer, len);
free(buffer); free(buffer);
}
capacity = newSize - 1; capacity = newSize - 1;
buffer = newbuffer; buffer = newbuffer;
return 1; return 1;