Fix memory corruption in unicode:characters_to_binary
`term_binary_data_size_in_terms` is dangerous since it doesn't account
for binary header size, so a memory corruption is almost certain.

Signed-off-by: Davide Bettio <davide@uninstall.it>
bettio committed Sep 23, 2024
1 parent 56f553e commit f9e3084
Showing 2 changed files with 2 additions and 1 deletion.
1 change: 1 addition & 0 deletions CHANGELOG.md
Expand Up @@ -28,6 +28,7 @@ instead

- ESP32: content of `boot.avm` partition is not truncated anymore
- ESP32: Fixed gpio:set_int` to accept any pin, not only pin 2
- Fix memory corruption in `unicode:characters_to_binary`

## [0.6.4] - 2024-08-18
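
Review bot: The new changelog entry names the function but not the failure mode, so a reader cannot tell what kind of input was at risk. The commit message already has the detail (the size computed for the result binary left out the binary header), and a short clause to that effect would help users judge how urgently to upgrade. Separately, the context line just above it, "Fixed gpio:set_int`", has an unbalanced backtick that could be fixed while this section is being edited.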

2 changes: 1 addition & 1 deletion src/libAtomVM/nifs.c
Expand Up @@ -4616,7 +4616,7 @@ static term nif_unicode_characters_to_binary(Context *ctx, int argc, term argv[]
if (UNLIKELY(conv_result == UnicodeBadArg)) {
RAISE_ERROR(BADARG_ATOM);
}
size_t needed_terms = term_binary_data_size_in_terms(len);
size_t needed_terms = term_binary_heap_size(len);
if (UNLIKELY(conv_result == UnicodeError || conv_result == UnicodeIncompleteTransform)) {
needed_terms += TUPLE_SIZE(3) + rest_size;
}
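
Review bot: No test accompanies the change to the needed_terms computation in nif_unicode_characters_to_binary (the commit touches only CHANGELOG.md and src/libAtomVM/nifs.c), so nothing guards against the undersized allocation coming back. A regression test that calls unicode:characters_to_binary on inputs of several lengths, including the UnicodeError and UnicodeIncompleteTransform paths that add TUPLE_SIZE(3) + rest_size, would cover it. Since the commit message describes term_binary_data_size_in_terms as dangerous for leaving out the binary header size, it is also worth checking its remaining callers for the same pattern, or adding a comment on it stating that it returns the data size only.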