From 252e8122bf6275503762d9702077842ca9794f4b Mon Sep 17 00:00:00 2001 From: Jason Smith Date: Thu, 30 Jun 2016 13:56:59 -0700 Subject: [PATCH] Fix buffer overrun using PutN (closes #672) Fix inconsistent calling of template functions in PutN in stream.h. When used with a GenericStringBuffer<, MemoryPoolAllocator>, PutN would call PutReserve from stream.h, and PutUnsafe from stringbuffer.h. This resulted in bytes being added to the buffer without allocating space. This was not an issue when used with the default memory allocator, because in this case the specialized PutN is used from stringbuffer.h. --- include/rapidjson/stream.h | 2 +- test/unittest/stringbuffertest.cpp | 7 +++++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/include/rapidjson/stream.h b/include/rapidjson/stream.h index dd2783b..fef82c2 100644 --- a/include/rapidjson/stream.h +++ b/include/rapidjson/stream.h @@ -95,7 +95,7 @@ inline void PutUnsafe(Stream& stream, typename Stream::Ch c) { //! Put N copies of a character to a stream. template inline void PutN(Stream& stream, Ch c, size_t n) { - PutReserve(stream, n); + PutReserve(stream, n); for (size_t i = 0; i < n; i++) PutUnsafe(stream, c); } diff --git a/test/unittest/stringbuffertest.cpp b/test/unittest/stringbuffertest.cpp index 9be98fc..ded513c 100644 --- a/test/unittest/stringbuffertest.cpp +++ b/test/unittest/stringbuffertest.cpp @@ -37,6 +37,13 @@ TEST(StringBuffer, Put) { EXPECT_STREQ("A", buffer.GetString()); } +TEST(StringBuffer, PutN_Issue672) { + GenericStringBuffer, MemoryPoolAllocator<> > buffer; + EXPECT_EQ(0, buffer.GetSize()); + rapidjson::PutN(buffer, ' ', 1); + EXPECT_EQ(1, buffer.GetSize()); +} + TEST(StringBuffer, Clear) { StringBuffer buffer; buffer.Put('A');