buffer: Fix the read_string() size logic

We need to determine the size before calling substring(), to avoid violating the API contract.
frida · May 14, 2024 · 70581cd · 70581cd
1 parent fa71e1f
commit 70581cd
Showing 1 changed file with 8 additions and 2 deletions.
diff --git a/lib/base/buffer.vala b/lib/base/buffer.vala
@@ -429,11 +429,17 @@ namespace Frida {
 		}
 
 		public string read_string (size_t offset) {
-			string * val = (string *) get_pointer (offset, sizeof (char));
 			size_t max_length = size - offset;
-			return val->substring (0, (long) max_length);
+			string * val = (string *) get_pointer (offset, sizeof (char));
+			string * end = memchr (val, 0, max_length);
+			assert (end != null);
+			size_t size = end - val;
+			return val->substring (0, (long) size);
 		}
 
+		[CCode (cname = "memchr", cheader_filename = "string.h")]
+		private extern static string * memchr (string * s, int c, size_t n);
+
 		public string read_fixed_string (size_t offset, size_t size) {
 			string * val = (string *) get_pointer (offset, size);
 			return val->substring (0, (long) size);