[fpc-devel] possible unicode buffer overflow
Marc Weustink
marc at dommelstein.nl
Fri Apr 17 14:05:01 CEST 2026
Hi,
In order to track unfreed memory at work, I've written a custom memory
manager wrapper around the default manager.
To be sure that the memory isn't corrupted, the returned memory blocks
are surrounded by guard bytes.
What I see when a string is released is that there is no room for the
trailing null. The free is triggered by FPC_UNICODESTR_DECR_REF, so I
assume the extra null is written somewhere when creating the string.
Running fpc 3.2.2 win 64
allocated size: 36 bytes
guard start: CC BB BB BB BB BB BB CC
guard end: CC FF FF FF FF FF FF CC
CC BB BB BB BB BB BB CC B0 04 02 00 0D F0 AD BA ................
00 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 ................
6E 00 6F 00 62 00 65 00 61 00 74 00 00 00 FF FF n.o.b.e.a.t.....
FF FF FF CC ....
What you see here is that the first 2 bytes of the end guard are
overwritten.
Is this issue known?
Thanks, Marc
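The guard-byte check the post describes, as an added example in C; it is not the poster's FPC memory manager wrapper, whose code is not shown. The guard patterns are the ones printed in the dump, while the block layout (size header, start guard, user bytes, end guard), the function names and the sample string are this example's own constructions. It reproduces the reported pattern: a two-byte wide-character terminator written one element past the end of the user block lands on the first two bytes of the end guard, and the check at free time counts exactly those two bytes.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Guard-band allocator (example code, not the FPC wrapper from the post).
 * Guard values are copied from the dump in the post; the layout
 * [block_hdr][GUARD_START][size user bytes][GUARD_END] is this example's own. */
#define GUARD_LEN 8
static const uint8_t GUARD_START[GUARD_LEN] = {0xCC,0xBB,0xBB,0xBB,0xBB,0xBB,0xBB,0xCC};
static const uint8_t GUARD_END[GUARD_LEN]   = {0xCC,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xCC};

typedef struct { size_t size; } block_hdr;   /* requested size: locates the end guard */
typedef struct { size_t start_bad; size_t end_bad; } guard_report;

/* Allocate `size` user bytes surrounded by the two guards; returns the user pointer. */
void *guarded_alloc(size_t size) {
    uint8_t *raw = malloc(sizeof(block_hdr) + GUARD_LEN + size + GUARD_LEN);
    if (!raw) return NULL;
    ((block_hdr *)raw)->size = size;
    memcpy(raw + sizeof(block_hdr), GUARD_START, GUARD_LEN);
    memcpy(raw + sizeof(block_hdr) + GUARD_LEN + size, GUARD_END, GUARD_LEN);
    return raw + sizeof(block_hdr) + GUARD_LEN;
}

static size_t count_mismatch(const uint8_t *got, const uint8_t *want) {
    size_t bad = 0;
    for (size_t i = 0; i < GUARD_LEN; i++) bad += (got[i] != want[i]);
    return bad;
}

/* Compare both guards with their expected patterns; counts differing bytes. */
guard_report guarded_check(const void *p) {
    const uint8_t *user = p;
    const block_hdr *hdr = (const block_hdr *)(user - GUARD_LEN - sizeof(block_hdr));
    guard_report r;
    r.start_bad = count_mismatch(user - GUARD_LEN, GUARD_START);
    r.end_bad   = count_mismatch(user + hdr->size, GUARD_END);
    return r;
}

/* Release the block; returns the number of corrupted guard bytes (0 = intact). */
size_t guarded_free(void *p) {
    guard_report r = guarded_check(p);
    uint8_t *user = p;
    free(user - GUARD_LEN - sizeof(block_hdr));
    return r.start_bad + r.end_bad;
}

/* Mimic the pattern from the post: room for 6 UTF-16 code units, then a
 * two-byte terminator stored one element past the text. `extra` is the slack
 * requested beyond the text: 2 keeps the terminator in bounds, 0 overflows
 * into the end guard. The text is a constructed sample. */
size_t write_wide_string(size_t extra) {
    static const uint16_t text[] = {'n','o','b','e','a','t'};
    size_t units = sizeof text / sizeof text[0];
    uint16_t *buf = guarded_alloc(units * sizeof(uint16_t) + extra);
    if (!buf) return (size_t)-1;
    memcpy(buf, text, sizeof text);
    buf[units] = 0;   /* terminator: in bounds only when extra >= 2 */
    return guarded_free(buf);
}

int main(void) {
    printf("with room for the terminator: %zu guard bytes clobbered\n", write_wide_string(2));
    printf("without room:                 %zu guard bytes clobbered\n", write_wide_string(0));
    return 0;
}
```

The end guard is placed at the requested size, not at whatever the underlying allocator actually hands out, so a write into the allocator's rounding slack is still reported; that is the case the post shows, where the dump is otherwise consistent and only the first two guard bytes (one UTF-16 element) are zeroed. The check runs only at free time, so it tells you which block was overrun but not when; to narrow that down, call guarded_check at suspected points between allocation and release.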