Fix a crash in String::changeBuffer()
Calling String::reserve() causes a crash if the String object was in an invalidated state. Per the comment on the method's declaration in ESP_SSD1306.h, this method was supposed to recover invalidated strings. This change fixes the edge case bug in String::changeBuffer() which is the root cause of the crash exposed from String::reserve().

The following test code was used to reproduce the problem and also to validate the fix:

String result;
while(true){
  char c = 'A';
  result += c; // the loop will cause malloc() to fail at some point.
  if (result.c_str()==0)
  {
    Serial.println("String INVALIDATED!!!!!");
    result.reserve(0);   // before fix, this would crash.
    Serial.println("Trying to empty....");
    result=""; 
    Serial.println("Emptied!!!!");
    break;
  } 
}
raheelh committed Feb 23, 2016
1 parent f28c5be commit fdf8599
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion cores/esp8266/WString.cpp
Expand Up @@ -156,9 +156,11 @@ unsigned char ICACHE_FLASH_ATTR String::changeBuffer(unsigned int maxStrLen) {
char *newbuffer = (char *) malloc(newSize);
if(newbuffer) {
memset(newbuffer, 0, newSize);
memcpy(newbuffer, buffer, len);
if (buffer)
{
memcpy(newbuffer, buffer, len);
free(buffer);
}
capacity = newSize - 1;
buffer = newbuffer;
return 1;
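Review bot: In the new `if (buffer)` guard, the null-buffer path skips the memcpy but leaves `len` as it was, and nothing in this hunk shows `len` being zeroed for an invalidated String. If `len` can be nonzero on that path, the object ends up with a zero-filled buffer and a stale length, so either set `len = 0` in an else branch or add a comment stating that an invalidated String always has `len == 0`. Minor style point: the opening brace on its own line differs from the `if(newbuffer) {` form two lines up.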