From c59611a3b3c031d253b927f5fa199ff176fd728c Mon Sep 17 00:00:00 2001 From: omar Date: Tue, 5 Feb 2019 23:38:57 +0100 Subject: [PATCH] InputText: Fixed redo buffer exhaustion handling (rare) which could corrupt the undo character buffer. (#2333) --- docs/CHANGELOG.txt | 2 ++ imstb_textedit.h | 8 +++++++- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/docs/CHANGELOG.txt b/docs/CHANGELOG.txt index 442b0706a..448ad27fb 100644 --- a/docs/CHANGELOG.txt +++ b/docs/CHANGELOG.txt @@ -41,6 +41,8 @@ Other Changes: - Added .editorconfig file for text editors to standardize using spaces. (#2038) [@kudaba] - InputText: Fixed a bug where ESCAPE would not restore the initial value in all situations. (#2321) [@relick] - InputText: Fixed a bug where ESCAPE would be first captured by the Keyboard Navigation code. (#2321, #787) +- InputText: Fixed redo buffer exhaustion handling (rare) which could corrupt the undo character buffer. (#2333) + The way the redo/undo buffers work would have made it generally unnoticeable to the user. - Fixed range-version of PushID() and GetID() not honoring the ### operator to restart from the seed value. - Fixed CloseCurrentPopup() on a child-menu of a modal incorrectly closing the modal. (#2308) - Tabs: Added ImGuiTabBarFlags_TabListPopupButton flag to show a popup button on manual tab bars. (#261, #351) diff --git a/imstb_textedit.h b/imstb_textedit.h index 27e34f740..d79c7730a 100644 --- a/imstb_textedit.h +++ b/imstb_textedit.h @@ -1132,7 +1132,13 @@ static void stb_textedit_discard_redo(StbUndoState *state) state->undo_rec[i].char_storage += n; } // now move all the redo records towards the end of the buffer; the first one is at 'redo_point' - STB_TEXTEDIT_memmove(state->undo_rec + state->redo_point+1, state->undo_rec + state->redo_point, (size_t) ((STB_TEXTEDIT_UNDOSTATECOUNT - state->redo_point)*sizeof(state->undo_rec[0]))); + size_t move_size = (size_t)((STB_TEXTEDIT_UNDOSTATECOUNT - state->redo_point - 1) * sizeof(state->undo_rec[0])); + const char* buf_begin = (char*)state->undo_rec; (void)buf_begin; + const char* buf_end = (char*)state->undo_rec + sizeof(state->undo_rec); (void)buf_end; + IM_ASSERT(((char*)(state->undo_rec + state->redo_point)) >= buf_begin); + IM_ASSERT(((char*)(state->undo_rec + state->redo_point + 1) + move_size) <= buf_end); + STB_TEXTEDIT_memmove(state->undo_rec + state->redo_point+1, state->undo_rec + state->redo_point, move_size); + // now move redo_point to point to the new one ++state->redo_point; }