Re: Angus' fdesign -convert fix is buggy too....
Angus Leeming <leeming <at> lyx.org>
2004-06-01 09:41:55 GMT
Duncan Simpson wrote:
>> Actually, once you've got your head around the fact that nobody is
>> there to hold your hand, it isn't too bad. The attached trial
>> program has been tested and is always safe. I'm going to commit
>> this to XForms cvs.
>>
>
> Unfortunately Angus' fix is buggy too, because at least on some
> systems size_t is unsigned (linux being a prime example). If so and
> fname_size>fname_capacity then the last strncat gets a huge limit
> (more than INT_MAX) and the buffer overflow will work anyway. Also
> it could be attacked by integer overflow, albeit not on most
> systems.
>
> Also Angus put the terminator in too early---unless strncat
> guarantees termination the '\0' might get clobbered. A suggested
> alternative, which returns 1 if everything is OK and 0 if fname is
> too small, is attached. main has been changed to reflect this
> change, without which people could use overflows to get unexpected
> filenames.
I think I was safe here. Nonetheless, your point about complex code
being difficult to debug is entirely valid...
> I have replaced most of the str* functions with snprintf, which
> makes the code *much* simpler. You could simplify it even more if
> you assumed everyone's snprintf followed C99.
...so I have adopted your replacement, fixing it to work for my needs.
See attached trial2.c and patch against XForms cvs.
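The two defects Duncan describes, as an added example written for this page (it is not XForms code and not either of the attached trial programs; `naive_remaining`, `safe_remaining`, `build_fname` and the sample paths are hypothetical). The first function reproduces the arithmetic that goes wrong when `size_t` is unsigned: `capacity - used` wraps to a huge value once `used` exceeds `capacity`, which is exactly the limit `strncat` would then be handed. The third function is the snprintf-based shape he suggests, returning 1 when the name fits and 0 when the buffer is too small, and it also covers the pre-C99 snprintf that returns -1 on truncation rather than the needed length:

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example, not XForms code. The "remaining space" arithmetic a
 * strncat()-based builder tends to use: once used > capacity the unsigned
 * subtraction wraps, so the limit passed to strncat becomes enormous
 * (> INT_MAX) instead of negative, and the overflow goes through. */
size_t naive_remaining(size_t capacity, size_t used)
{
    return capacity - used;   /* wraps when used > capacity */
}

/* Same quantity with the bound checked before subtracting: never exceeds
 * capacity, and 0 tells the caller there is no room left at all. */
size_t safe_remaining(size_t capacity, size_t used)
{
    if (used >= capacity)
        return 0;
    return capacity - used;
}

/* Hypothetical replacement for a str*-based filename builder: writes
 * "dir/name" into fname with snprintf, which always NUL-terminates what it
 * writes. Returns 1 if the whole name fit, 0 if fname is too small.
 * On failure the buffer is emptied so a caller cannot use a truncated name. */
int build_fname(char *fname, size_t fname_capacity,
                const char *dir, const char *name)
{
    int n;

    if (fname == NULL || fname_capacity == 0)
        return 0;

    n = snprintf(fname, fname_capacity, "%s/%s", dir, name);

    /* C99: n is the length the full result would need (may exceed the
     * capacity).  Older snprintf implementations return -1 on truncation;
     * treating any negative value as "did not fit" handles both. */
    if (n < 0 || (size_t)n >= fname_capacity) {
        fname[0] = '\0';
        return 0;
    }
    return 1;
}

int main(void)
{
    char fname[16];

    /* used (12) > capacity (8): the wrapped limit is what strncat would get */
    printf("naive remaining, cap 8 used 12: %zu\n", naive_remaining(8, 12));
    printf("safe  remaining, cap 8 used 12: %zu\n", safe_remaining(8, 12));

    /* constructed sample inputs */
    printf("fits=%d fname='%s'\n",
           build_fname(fname, sizeof fname, "/tmp", "x.fd"), fname);
    printf("fits=%d fname='%s'\n",
           build_fname(fname, sizeof fname, "/usr/share", "very_long.fd"), fname);
    return 0;
}
```

The check `(size_t)n >= fname_capacity` (rather than `>`) matters: snprintf's return value excludes the terminating NUL, so a result of exactly `fname_capacity` characters was truncated by one.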