UnityMirror/spine-runtimes
1
0
Fork 0
mirror of https://github.com/EsotericSoftware/spine-runtimes.git synced 2025-12-21 01:36:02 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix use after free

Browse Source 
the string created by value.substr(index * 2, 2) is deleted after c_str()
but before strtoul executes. The solution is to use a temporary string
to store the value.
This commit is contained in:
Victor Savu 2013-03-04 20:43:33 +02:00
parent f77459983f
commit 67aa830511
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
spine-cpp/src/spine/BaseSkeletonJson.cpp
View File

@ -21,8 +21,9 @@ namespace spine {
static float toColor (const string &value, int index) { static float toColor (const string &value, int index) {
if (value.size() != 8) throw runtime_error("Error parsing color, length must be 8: " + value); if (value.size() != 8) throw runtime_error("Error parsing color, length must be 8: " + value);
char *p; char *p;
int color = strtoul(value.substr(index * 2, 2).c_str(), &p, 16); string tmp = value.substr(index * 2, 2);
if (*p != 0) throw runtime_error("Error parsing color: " + value + ", invalid hex value: " + value.substr(index * 2, 2)); int color = strtoul(tmp.c_str(), &p, 16);
if (*p != 0) throw runtime_error("Error parsing color: " + value + ", invalid hex value: " + tmp);
return color / (float)255; return color / (float)255;
} }