* fixed buffer overflows in int_str() + test

git-svn-id: trunk@8395 -

.gitattributes

@@ -7133,6 +7133,7 @@ tests/test/units/system/teststk.pp svneol=native#text/plain
 tests/test/units/system/testux.txt svneol=native#text/plain
 tests/test/units/system/tincdec.pp svneol=native#text/plain
 tests/test/units/system/tint.pp svneol=native#text/plain
+tests/test/units/system/tintstr.pp svneol=native#text/plain
 tests/test/units/system/tio.pp svneol=native#text/plain
 tests/test/units/system/tiorte.pp svneol=native#text/plain
 tests/test/units/system/tjmp.pp svneol=native#text/plain

rtl/inc/generic.inc

@@ -1149,16 +1149,21 @@ var
   m,m1 : longword;
   pc,pc2 : pchar;
   hs : string[32];
+  b : longint;
 begin
   pc2:=@s[1];
   if (l<0) then
     begin
+      b:=1;
       pc2^:='-';
       inc(pc2);
       m:=longword(-l);
     end
   else
-    m:=longword(l);
+    begin
+      b:=0;
+      m:=longword(l);
+    end;
   pc:=@hs[0];
   repeat
     inc(pc);
@@ -1166,13 +1171,15 @@ begin
     pc^:=char(m-(m1*10)+byte('0'));
     m:=m1;
   until m=0;
-  while (pc>pchar(@hs[0])) do
+  while (pc>pchar(@hs[0])) and
+        (b<high(s)) do
     begin
       pc2^:=pc^;
       dec(pc);
       inc(pc2);
+      inc(b);
     end;
-  s[0]:=char(pc2-pchar(@s[1]));
+  s[0]:=chr(b);
 end;
 
 {$endif ndef FPC_SYSTEM_HAS_INT_STR_LONGINT}
@@ -1182,6 +1189,7 @@ end;
 procedure int_str(l:longword;out s:string);
 var
   m1 : longword;
+  b: longint;
   pc,pc2 : pchar;
   hs : string[32];
 begin
@@ -1193,13 +1201,16 @@ begin
     pc^:=char(l-(m1*10)+byte('0'));
     l:=m1;
   until l=0;
-  while (pc>pchar(@hs[0])) do
+  b:=0;
+  while (pc>pchar(@hs[0])) and
+        (b<high(s)) do
     begin
       pc2^:=pc^;
       dec(pc);
       inc(pc2);
+      inc(b);
     end;
-  s[0]:=char(pc2-pchar(@s[1]));
+  s[0]:=chr(b);
 end;
 
 {$endif ndef FPC_SYSTEM_HAS_INT_STR_LONGWORD}
@@ -1210,17 +1221,22 @@ procedure int_str(l:int64;out s:string);
 var
   m,m1 : qword;
   pc,pc2 : pchar;
+  b: longint;
   hs : string[64];
 begin
   pc2:=@s[1];
   if (l<0) then
     begin
+      b:=1;
       pc2^:='-';
       inc(pc2);
       m:=qword(-l);
     end
   else
-    m:=qword(l);
+    begin
+      b:=0;
+      m:=qword(l);
+    end;
   pc:=@hs[0];
   repeat
     inc(pc);
@@ -1228,13 +1244,15 @@ begin
     pc^:=char(m-(m1*10)+byte('0'));
     m:=m1;
   until m=0;
-  while (pc>pchar(@hs[0])) do
+  while (pc>pchar(@hs[0])) and
+        (b < high(s)) do
     begin
       pc2^:=pc^;
       dec(pc);
       inc(pc2);
+      inc(b);
     end;
-  s[0]:=char(pc2-pchar(@s[1]));
+  s[0]:=chr(b);
 end;
 
 {$endif ndef FPC_SYSTEM_HAS_INT_STR_INT64}
@@ -1245,6 +1263,7 @@ procedure int_str(l:qword;out s:string);
 var
   m1 : qword;
   pc,pc2 : pchar;
+  b: longint;
   hs : string[64];
 begin
   pc2:=@s[1];
@@ -1255,13 +1274,16 @@ begin
     pc^:=char(l-(m1*10)+byte('0'));
     l:=m1;
   until l=0;
-  while (pc>pchar(@hs[0])) do
+  b:=0;
+  while (pc>pchar(@hs[0])) and
+        (b<high(s)) do
     begin
       pc2^:=pc^;
       dec(pc);
       inc(pc2);
+      inc(b);
     end;
-  s[0]:=char(pc2-pchar(@s[1]));
+  s[0]:=chr(b);
 end;
 
 {$endif ndef FPC_SYSTEM_HAS_INT_STR_QWORD}

tests/test/units/system/tintstr.pp

@@ -0,0 +1,117 @@
+var
+  l: longint;
+  c: cardinal;
+  i: int64;
+  q: qword;
+
+procedure ts1(const res1, res2, res3, res4: string);
+var
+  r: packed record
+    s: string[1];
+    b1,b2,b3,b4: byte;
+  end;
+begin
+  with r do
+    begin
+      b1:=0;
+      b2:=0;
+      b3:=0;
+      b4:=0;
+      str(l,s);
+      if (res1<>s) or
+         (b1<>0) or
+         (b2<>0) or
+         (b3<>0) or
+         (b4<>0) then
+        halt(1);
+
+      str(c,s);
+      if (res2<>s) or
+         (b1<>0) or
+         (b2<>0) or
+         (b3<>0) or
+         (b4<>0) then
+        halt(2);
+
+      str(i,s);
+      if (res3<>s) or
+         (b1<>0) or
+         (b2<>0) or
+         (b3<>0) or
+         (b4<>0) then
+        halt(3);
+
+      str(q,s);
+      if (res4<>s) or
+         (b1<>0) or
+         (b2<>0) or
+         (b3<>0) or
+         (b4<>0) then
+        halt(4);
+    end;
+end;
+
+
+
+procedure ts3(const res1, res2, res3, res4: string);
+var
+  r: packed record
+    s: string[3];
+    b1,b2,b3,b4: byte;
+  end;
+begin
+  with r do
+    begin
+      b1:=0;
+      b2:=0;
+      b3:=0;
+      b4:=0;
+      str(l,s);
+      if (res1<>s) or
+         (b1<>0) or
+         (b2<>0) or
+         (b3<>0) or
+         (b4<>0) then
+        halt(1);
+
+      str(c,s);
+      if (res2<>s) or
+         (b1<>0) or
+         (b2<>0) or
+         (b3<>0) or
+         (b4<>0) then
+        halt(2);
+
+      str(i,s);
+      if (res3<>s) or
+         (b1<>0) or
+         (b2<>0) or
+         (b3<>0) or
+         (b4<>0) then
+        halt(3);
+
+      str(q,s);
+      if (res4<>s) or
+         (b1<>0) or
+         (b2<>0) or
+         (b3<>0) or
+         (b4<>0) then
+        halt(4);
+    end;
+end;
+
+
+begin
+  l:=high(longint);
+  c:=high(cardinal);
+  i:=high(int64);
+  q:=high(qword);
+  ts1('2','4','9','1');
+  ts3('214','429','922','184');
+  l:=low(longint)+1;
+  c:=high(cardinal)-1;
+  i:=low(int64)+1;
+  q:=high(qword)-1;
+  ts1('-','4','-','1');
+  ts3('-21','429','-92','184');
+end.