[PD-cvs] pd/src s_path.c,1.11.6.2,1.11.6.3

Russell Bryant russellbryant at users.sourceforge.net
Sun Jan 6 15:39:11 CET 2008 

Update of /cvsroot/pure-data/pd/src
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv7626

Modified Files:
      Tag: branch-v0-40-extended
	s_path.c 
Log Message:
(add patch from issue #1852385)

This patch provides a revised implementation of the strtokcpy() function in
s_path.c. It provides the following benefits:

1) Prevent potential overflow of a stack buffer. This function did nothing
to ensure that it didn't write past the end of the destination buffer.

It is possible to cause this to happen by providing certain command line
arguments that are longer than MAXPDSTRING. Also, there may be other ways
to trigger this bug if namelist_append_files() is used anywhere beyond the
uses I reviewed, which are the ones in pd/*.c.

2) Copy bytes from the string in the same loop that looks for the
delimiter. This is simply for efficiency in that the string only has to be
traversed once, instead of twice (one to find the delimiter, and the second
to copy up to it).


Index: s_path.c
===================================================================
RCS file: /cvsroot/pure-data/pd/src/s_path.c,v
retrieving revision 1.11.6.2
retrieving revision 1.11.6.3
diff -C2 -d -r1.11.6.2 -r1.11.6.3
*** s_path.c	6 Jan 2008 03:43:08 -0000	1.11.6.2
--- s_path.c	6 Jan 2008 14:39:09 -0000	1.11.6.3
***************
*** 73,91 ****
  /*******************  Utility functions used below ******************/
  
! /* copy until delimiter and return position after delimiter in string */
! /* if it was the last substring, return NULL */
! 
! static const char* strtokcpy(char *to, const char *from, int delim)
  {
!     int size = 0;
  
!     while (from[size] != (char)delim && from[size] != '\0')
!         size++;
  
!     strncpy(to,from,size);
!     to[size] = '\0';
!     if (from[size] == '\0') return NULL;
!     if (size) return from+size+1;
!     else return NULL;
  }
  
--- 73,99 ----
  /*******************  Utility functions used below ******************/
  
! /*!
!  * \brief copy until delimiter
!  * 
!  * \arg to destination buffer
!  * \arg to_len destination buffer length
!  * \arg from source buffer
!  * \arg delim string delimiter to stop copying on
!  *
!  * \return position after delimiter in string.  If it was the last
!  *         substring, return NULL.
!  */
! static const char *strtokcpy(char *to, size_t to_len, const char *from, char delim)
  {
!     unsigned int i = 0;
  
! 	for (; i < (to_len - 1) && from[i] && from[i] != delim; i++)
! 		to[i] = from[i];
! 	to[i] = '\0';
  
! 	if (i && from[i] != '\0')
! 		return from + i + 1;
! 
! 	return NULL;
  }
  
***************
*** 135,139 ****
      do
      {
!         npos = strtokcpy(temp, npos, SEPARATOR);
          if (! *temp) continue;
          nl = namelist_append(nl, temp, 0);
--- 143,147 ----
      do
      {
!         npos = strtokcpy(temp, sizeof(temp), npos, SEPARATOR);
          if (! *temp) continue;
          nl = namelist_append(nl, temp, 0);

More information about the Pd-cvs mailing list