[PD-dev] [ pure-data-Patches-1852385 ] Improve strtokcpy() efficiency, prevent stack overflow

SourceForge.net noreply at sourceforge.net
Wed Dec 19 14:06:33 CET 2007


Patches item #1852385, was opened at 2007-12-17 16:07
Message generated for change (Settings changed) made by zmoelnig
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=478072&aid=1852385&group_id=55736

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: puredata
Group: bugfix
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Russell Bryant (russellbryant)
>Assigned to: Miller Puckette (millerpuckette)
Summary: Improve strtokcpy() efficiency, prevent stack overflow

Initial Comment:
This patch provides a revised implementation of the strtokcpy() function in s_path.c.  It provides the following benefits:

1) Prevent potential overflow of a stack buffer.  This function did nothing to ensure that it didn't write past the end of the destination buffer.

It is possible to cause this to happen by providing certain command line arguments that are longer than MAXPDSTRING.  Also, there may be other ways to trigger this bug if namelist_append_files() is used anywhere beyond the uses I reviewed, which are the ones in pd/*.c.

2) Copy bytes from the string in the same loop that looks for the delimiter.  This is simply for efficiency in that the string only has to be traversed once, instead of twice (one to find the delimiter, and the second to copy up to it).

3) Document the function using doxygen style tags.

----------------------------------------------------------------------

Comment By: Russell Bryant (russellbryant)
Date: 2007-12-17 16:07

Message:
Logged In: YES 
user_id=1942915
Originator: YES

File Added: strokcpy.txt

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=478072&aid=1852385&group_id=55736




More information about the Pd-dev mailing list