Bugfix/ubasic-string-tokenizer-null-termination (#1196)
* Fixed tokenizer_string() off-by-one buffer overflow when processing string literals longer than the buffer limit.
* Fixed ubasic potential string buffer overflows by using snprintf instead of sprintf.
* Fixed ubasic label strings to use UBASIC_LABEL_LEN_MAX as buffer limit.
* Fixed ubasic string variables to initialize with zeros.
* Fixed compile errors when UBASIC_DEBUG_STRINGVARIABLES is defined.
* Added ubasic string variables user accessor API and unit testing for ubasic string variables.
* Fixed tokenizer_label() off-by-one buffer overflow when processing string literals longer than the buffer limit.
+9
-1
@@ -12,12 +12,20 @@ The git repositories are hosted at the following sites:
|
||||
* https://bacnet.sourceforge.net/
|
||||
* https://github.com/bacnet-stack/bacnet-stack/
|
||||
|
||||
## [Unreleased] - 2025-12-04
|
||||
## [Unreleased] - 2026-01-03
|
||||
|
||||
### Security
|
||||
|
||||
* Secured npdu_is_expected_reply() function where the MS/TP reply matcher
|
||||
could have an out-of-bounds read. (#1178)
|
||||
* Secured ubasic interpreter tokenizer_string() and tokenizer_label()
|
||||
off-by-one buffer overflow when processing string literals longer
|
||||
than the buffer limit.
|
||||
Fixed ubasic potential string buffer overflows by using snprintf.
|
||||
Fixed ubasic label strings to use UBASIC_LABEL_LEN_MAX as buffer limit.
|
||||
Fixed ubasic string variables to initialize with zeros.
|
||||
Fixed compile errors when UBASIC_DEBUG_STRINGVARIABLES is defined.
|
||||
Added ubasic string variables user accessor API and unit testing. (#1196)
|
||||
|
||||
### Added
|
||||
|
||||
|
||||
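Review bot: the new Security bullet for tokenizer_string() and tokenizer_label() folds five further sentences into a single entry, and two of them are not security changes: "Fixed compile errors when UBASIC_DEBUG_STRINGVARIABLES is defined" is a build fix, and "Added ubasic string variables user accessor API and unit testing" is a feature that belongs under the "### Added" heading directly below. Suggest keeping only the overflow and snprintf items under Security, moving the other sentences to the sections that match them, and making each one its own "*" bullet with its own (#1196) reference so a reader scanning for security-relevant changes sees only those. The off-by-one entry would also be more useful to someone deciding whether to upgrade if it said what is written past the buffer end, since the changelog text names the condition (string literals longer than the buffer limit) but not the effect.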