[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
commit ee46f6404b033f4d1312c6b52a207ec2da99d94b
|
From: |
John Darrington |
|
Subject: |
commit ee46f6404b033f4d1312c6b52a207ec2da99d94b |
|
Date: |
Wed, 29 Jul 2009 05:53:22 +0000 |
|
User-agent: |
Mutt/1.5.18 (2008-05-17) |
Regarding Jason's latest commit to master, ("Merged changes from
branch interaction-review"):
I get nervous when I see memcpy used, because :
1) Its use of void * arguments circumvents type checking.
2) It offers no protection against buffer overflow.
The patch below fixes the first problem (you'll have to re-run make -f Smake).
Regarding the second problem, (specifically, I can't see anything to ensure
that result->val will be large enough to contain the concatenated string)
I suggest an assertion similar to assert (offset < val_width);
J'
index 2697064..0716672 100644
--- a/Smake
+++ b/Smake
@@ -78,6 +78,7 @@ GNULIB_MODULES = \
unistd \
unistr/u8-strlen \
unistr/u8-strncat \
+ unistr/u8-strncpy \
unlocked-io \
vasprintf-posix \
vfprintf-posix \
diff --git a/src/math/interaction.c b/src/math/interaction.c
index 46d7e13..82e2bee 100644
--- a/src/math/interaction.c
+++ b/src/math/interaction.c
@@ -37,6 +37,7 @@
#include <data/variable.h>
#include <math/interaction.h>
#include <string.h>
+#include "unistr.h"
#include <xalloc.h>
struct interaction_variable
@@ -150,7 +151,7 @@ interaction_value_create (const struct interaction_variable
*var, const union va
if (var != NULL)
{
int val_width = var_get_width (interaction_get_variable (var));
- int offset;
+ int offset = 0;
result = xmalloc (sizeof (*result));
result->intr = var;
@@ -158,7 +159,6 @@ interaction_value_create (const struct interaction_variable
*var, const union va
value_init (&result->val, val_width);
- offset = 0;
result->f = 1.0;
for (i = 0; i < n_vars; i++)
{
@@ -174,9 +174,9 @@ interaction_value_create (const struct interaction_variable
*var, const union va
{
if (var_is_alpha (var->members[i]))
{
- char *val = value_str_rw (&result->val, val_width);
+ uint8_t *val = value_str_rw (&result->val, val_width);
int w = var_get_width (var->members[i]);
- memcpy (val + offset, value_str (vals[i], w), w);
+ u8_strncpy (val + offset, value_str (vals[i], w), w);
offset += w;
}
else if (var_is_numeric (var->members[i]))
--
PGP Public key ID: 1024D/2DE827B3
fingerprint = 8797 A26D 0854 2EAB 0285 A290 8A67 719C 2DE8 27B3
See http://pgp.mit.edu or any PGP keyserver for public key.
signature.asc
Description: Digital signature
- commit ee46f6404b033f4d1312c6b52a207ec2da99d94b,
John Darrington <=