bug-ncurses

Re: use of uninitialized variable in read_entry.c


From: Thomas Dickey
Subject: Re: use of uninitialized variable in read_entry.c
Date: Tue, 21 Jan 2003 16:15:09 -0500
User-agent: Mutt/1.3.27i

On Tue, Jan 21, 2003 at 08:15:51AM +0100, Wolfgang Rohdewald wrote:
> found by valgrind in ncurses 5.3:
> 
> >> at line 200:
>     /* grab the name (a null-terminate string) */
> >> here, buf can contain anything
>     read(fd, buf, min(MAX_NAME_SIZE, (unsigned) name_size));
> >> if name_size < MAX_NAME_SIZE, buf[name_size..MAX_NAME_SIZE-1] is still 
> >> uninitialized
>     buf[MAX_NAME_SIZE] = '\0';
> >> it still is.
>     ptr->term_names = typeCalloc(char, strlen(buf) + 1);
> >> strlen(buf) reaches buf[name_size] which is uninitialized.
> 
> So if buf[name_size] etc. contain something !=0 
> term_names has garbage added to its end.
> 
> My proposal: add a memset:
> 
> Wolfgang
> 
> --- read_entry.c.org    Tue Jan 21 07:46:23 2003
> +++ read_entry.c        Tue Jan 21 07:47:04 2003
> @@ -198,6 +198,7 @@
>      }
> 
>      /* grab the name (a null-terminate string) */
> +    memset(buf,0,MAX_NAME_SIZE);
>      read(fd, buf, min(MAX_NAME_SIZE, (unsigned) name_size));
>      buf[MAX_NAME_SIZE] = '\0';

or (declaring 'have', 'want' as unsigned), something like (untested):

        want = min(MAX_NAME_SIZE, (unsigned) name_size);
        if ((have = read(fd, buf, want)) != want)
            memset(buf + have, 0, want - have);

>      ptr->term_names = typeCalloc(char, strlen(buf) + 1);
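
Review bot: the return value of read() on the line right after the added memset is still ignored, so a short read or a -1 error return silently produces a truncated or empty term_names instead of a failure. Capture the result and compare it with the requested length before strlen(buf) is called. As a style point, memset(buf,0,MAX_NAME_SIZE) lacks the spaces after commas that the neighbouring read(fd, buf, ...) call uses.
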
> 

-- 
Thomas E. Dickey <address@hidden>
http://invisible-island.net
ftp://invisible-island.net
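
The short-read handling discussed in this thread, as an added example that is not part of the original messages and is not ncurses code. `read_name`, `demo_name_len` and the `MAX_NAME_SIZE` value of 512 are assumptions made for the example, and it goes beyond the thread by also covering a `read()` error return.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define MAX_NAME_SIZE 512   /* assumed value for this example */

/* Hypothetical helper (not ncurses code): read up to name_size bytes into
 * buf, which holds MAX_NAME_SIZE + 1 bytes, then zero whatever read() did
 * not fill. Returns the number of bytes read, or -1 on a read error. */
static int read_name(int fd, char *buf, unsigned name_size)
{
    size_t want = name_size < MAX_NAME_SIZE ? name_size : MAX_NAME_SIZE;
    ssize_t got = read(fd, buf, want);
    size_t have = got < 0 ? 0 : (size_t) got;   /* error: nothing is valid */

    /* Clear the unread tail and the terminator slot so a later
     * strlen(buf) never walks into uninitialized bytes. */
    memset(buf + have, 0, MAX_NAME_SIZE + 1 - have);
    return got < 0 ? -1 : (int) have;
}

/* Constructed demo: pass len bytes through a pipe into a buffer pre-filled
 * with 0xAA (standing in for stale stack contents) and return strlen() of
 * the result. data == NULL exercises the read-error path with a bad fd. */
static long demo_name_len(const char *data, size_t len, unsigned name_size)
{
    char buf[MAX_NAME_SIZE + 1];
    int fds[2] = { -1, -1 };

    memset(buf, 0xAA, sizeof(buf));
    if (data != NULL) {
        if (pipe(fds) != 0 || write(fds[1], data, len) != (ssize_t) len)
            return -1;
        close(fds[1]);                  /* reader sees EOF after len bytes */
    }
    read_name(fds[0], buf, name_size);
    if (fds[0] >= 0)
        close(fds[0]);
    return (long) strlen(buf);
}

int main(void)
{
    printf("full read:  %ld\n", demo_name_len("vt100|dec", 9, 9));
    printf("short read: %ld\n", demo_name_len("vt1", 3, 9));
    printf("read error: %ld\n", demo_name_len(NULL, 0, 9));
    return 0;
}
```

Without the tail clearing, the first case would let `strlen()` run through the 0xAA filler up to the final terminator slot, which is the garbage-appended name the valgrind report describes.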



