[Bug-apl] Quad_SVx.cc some border line condition.


From: Hans-Peter Sorge
Subject: [Bug-apl] Quad_SVx.cc some border line condition.
Date: Fri, 25 May 2018 12:00:34 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.7.0

Hello Juergen,

in Quad_SVx.cc around line 570:

                char filename[APL_PATH_MAX + 1];
                int slen = snprintf(filename, APL_PATH_MAX, "%s/%s", dirname, entry->d_name);
                if (slen >= APL_PATH_MAX)   filename[APL_PATH_MAX] = 0;

filename will be returned at most APL_PATH_MAX chars long including
\0-termination.
So line -3- will do nothing as filename[APL_PATH_MAX-1] is already '\0'.

dirname is defined as  char dirname[APL_PATH_MAX + 1];
Just as a sidestep: If dirname was set to APL_PATH_MAX characters +
final \0, then the resulting filename will be filled with a truncated
path (one char less), the following '/' and d_name are being discarded,
resulting in an invalid filename.

Here is my take:

dirname is 4096+1 chars long
entry->d_name is 256 chars long
So the max length of filename could then be APL_PATH_MAX (%s) + 1 (/) +
255 (%s) + 1 (\0) -> 4353 bytes long.
snprintf strips the trailing \0s from the input and adds one.

                //  PATH + / + NAME + \0
                enum { FN_MAX_LENGTH = APL_PATH_MAX + 1 + 255 + 1 };
                char filename[FN_MAX_LENGTH];
                snprintf(filename, FN_MAX_LENGTH, "%s/%s", dirname, entry->d_name);

Again, I did not dig deeper into the code/spec to find out whether the
maximum filename length should be 4096+1 bytes, then dirname has to be
4k-256 bytes long, or whether the maximum filename length should be
4353 bytes.

Best regards
Hans-Peter
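
An added example, not part of the original message or of the project's source: it runs the quoted snprintf pattern on a constructed worst-case dirname to show the return value and where the NUL lands, then joins into the larger buffer with an explicit truncation check. APL_PATH_MAX = 4096 is assumed from the sizes given in the message; quoted_pattern and join_path are hypothetical names.

```c
#include <stdio.h>
#include <string.h>

#define APL_PATH_MAX 4096  /* assumed; the message gives dirname as 4096+1 chars */
enum { FN_MAX_LENGTH = APL_PATH_MAX + 1 + 255 + 1 };  /* PATH + / + NAME + \0 */

/* The quoted pattern. Reports snprintf's return value and the stored length,
   and returns 1 when byte APL_PATH_MAX-1 was already set to NUL by snprintf. */
static int quoted_pattern(const char *dirname, const char *name,
                          int *would_be_len, size_t *stored_len)
{
    char filename[APL_PATH_MAX + 1];
    memset(filename, 'X', sizeof filename);  /* poison: any NUL comes from snprintf */
    *would_be_len = snprintf(filename, APL_PATH_MAX, "%s/%s", dirname, name);
    *stored_len = strlen(filename);
    return filename[APL_PATH_MAX - 1] == '\0';
}

/* Hypothetical helper: join with an explicit truncation check.
   Returns 0 on success, -1 (and an empty string) if the result does not fit. */
static int join_path(char *out, size_t out_size,
                     const char *dirname, const char *name)
{
    int n = snprintf(out, out_size, "%s/%s", dirname, name);
    if (n < 0 || (size_t)n >= out_size) {
        if (out_size > 0) out[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    static char dirname[APL_PATH_MAX + 1];   /* constructed worst case */
    static char big[FN_MAX_LENGTH];
    int would_be; size_t stored;

    memset(dirname, 'd', APL_PATH_MAX);      /* APL_PATH_MAX chars + final NUL */
    int redundant = quoted_pattern(dirname, "file.txt", &would_be, &stored);
    printf("snprintf returned %d, stored %zu chars, NUL already set: %d\n",
           would_be, stored, redundant);
    printf("join into FN_MAX_LENGTH buffer: %d\n",
           join_path(big, sizeof big, dirname, "file.txt"));
    return 0;
}
```

Checking the return value against the buffer size is what distinguishes a complete path from a silently truncated one; the stored string alone does not reveal it.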


