Rewrite str_replace using snprintf for security and fix clang-tidy

capstone-engine / capstone

Capstone disassembly/disassembler framework for ARM, ARM64 (ARMv8), Alpha, BPF, Ethereum VM, HPPA, LoongArch, M68K, M680X, Mips, MOS65XX, PPC, RISC-V(rv32G/rv64G), SH, Sparc, SystemZ, TMS320C64X, TriCore, Webassembly, XCore and X86.

http://www.capstone-engine.org

7.18k stars 1.52k forks source link

Rewrite str_replace using snprintf for security and fix clang-tidy #2350

Closed jiegec closed 1 month ago

jiegec commented 2 months ago

Your checklist for this pull request

[x] I've documented or updated the documentation of every API function and struct this PR changes.
[x] I've added tests that prove my fix is effective or that my feature works (if possible)

Detailed description

Avoid potential integer underflow in strlen(target) - strlen(str1) + strlen(str2) if strlen(str1) is very large. Use snprintf to ensure memory safety.

Test plan

...

Closing issues

...

Rot127 commented 2 months ago

Almost forgot. Please change the doxygen comment of the function to use /// instead of //

jiegec commented 2 months ago

Almost forgot. Please change the doxygen comment of the function to use /// instead of //

Done

XVilka commented 2 months ago

@kabeor, could you take a quick look at this one? To unblock further LoongArch work?