Fix a crash in String::changeBuffer()

raheelh · raheelh · commit fdf8599aaae1 · 2016-02-22T22:57:21.000-06:00
Calling String::reserve() causes a crash if String object was in invalidated state. Per the comment on the method's declaration in ESP_SSD1306.h, This method was supposed to recover invalidated strings. This change fixes the edge case bug in String::changeBuffer() which is the root cause of the crash exposed from String::reserve().

Following test code was used to reproduce the problem and also to validate the fix:

String result;
while(true){
  char c = 'A';
  result += c; // the loop will cause malloc() to fail at some point.
  if (result.c_str()==0)
  {
    Serial.println("String INVALIDATED!!!!!");
    result.reserve(0);   // before fix, this would crash.
    Serial.println("Trying to empty....");
    result=""; 
    Serial.println("Emptied!!!!");
    break;
  } 
}
diff --git a/cores/esp8266/WString.cpp b/cores/esp8266/WString.cpp
@@ -156,9 +156,11 @@ unsigned char ICACHE_FLASH_ATTR String::changeBuffer(unsigned int maxStrLen) {
     char *newbuffer = (char *) malloc(newSize);
     if(newbuffer) {
         memset(newbuffer, 0, newSize);
-        memcpy(newbuffer, buffer, len);
         if (buffer)
+        {
+            memcpy(newbuffer, buffer, len);
             free(buffer);
+        }
         capacity = newSize - 1;
         buffer = newbuffer;
         return 1;
