From: SourceForge.net <no...@so...> - 2009-11-11 07:46:45
Patches item #2895691, was opened at 2009-11-11 05:18
Message generated for change (Comment added) made by atupone
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=303248&aid=2895691&group_id=3248

Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update.

Category: BZFlag
Group: None
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Russell Bryant (russellbryant)
Assigned to: Nobody/Anonymous (nobody)
Summary: strncpy() usage cleanup, fix off by one errors

Initial Comment:
This patch cleans up some code related to the use of strncpy() across the tree. The most "important" change is to fix a number of off by one errors. By passing the exact buffer size as the third argument, it is possible for strncpy() to write one byte past the end of the buffer.

While reviewing uses of strncpy() for this problem, some related cleanup was done:

1) Instead of using hard coded buffer sizes, use sizeof() to determine the proper length limit.
2) Remove some unnecessary uses of memset().

----------------------------------------------------------------------

>Comment By: Tupone Alfredo (atupone)
Date: 2009-11-11 08:46

Message:
As the 3rd parameter of strncpy is the length of the buffer, passing sizeof(buffer) - 1 as this parameter you could eventually not copy the null terminator if the strlen of the source string is equal to sizeof(buffer) - 1.
That was why all those memset to 0 or dest[len]='\0' were there.

----------------------------------------------------------------------
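
Added example (not part of the tracker thread or the BZFlag patch): a small C program that checks, for the strncpy() call patterns discussed above, whether the destination ends up NUL-terminated when it starts out holding stale non-zero bytes. The buffer size, function and enum names, and sample strings are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 8   /* constructed size, for illustration only */

enum mode { FULL_SIZE, SIZE_MINUS_1, SIZE_MINUS_1_THEN_NUL };

/* Copy src with the given call pattern; return 1 if dst ends up holding
 * a NUL somewhere inside its BUF_SIZE bytes, 0 if it is unterminated. */
static int terminated_after_copy(enum mode m, const char *src)
{
    char dst[BUF_SIZE];

    memset(dst, 'X', sizeof(dst));      /* stale, non-zero contents */

    /* strncpy() writes exactly n bytes: it copies at most n chars and
     * pads with NULs only when src is shorter than n. */
    switch (m) {
    case FULL_SIZE:
        strncpy(dst, src, sizeof(dst));
        break;
    case SIZE_MINUS_1:
        strncpy(dst, src, sizeof(dst) - 1);
        break;
    case SIZE_MINUS_1_THEN_NUL:
        strncpy(dst, src, sizeof(dst) - 1);
        dst[sizeof(dst) - 1] = '\0';    /* explicit terminator */
        break;
    }
    return memchr(dst, '\0', sizeof(dst)) != NULL;
}

int main(void)
{
    /* Constructed inputs: shorter than, one less than, equal to BUF_SIZE. */
    const char *inputs[] = { "abc", "abcdefg", "abcdefgh" };
    size_t i;

    printf("%-10s %5s %7s %11s\n", "src", "full", "size-1", "size-1+NUL");
    for (i = 0; i < sizeof(inputs) / sizeof(inputs[0]); i++)
        printf("%-10s %5d %7d %11d\n", inputs[i],
               terminated_after_copy(FULL_SIZE, inputs[i]),
               terminated_after_copy(SIZE_MINUS_1, inputs[i]),
               terminated_after_copy(SIZE_MINUS_1_THEN_NUL, inputs[i]));
    return 0;
}
```

A 0 in the output marks a destination that a later strlen() or printf("%s") would read past; only the pattern that pairs the sizeof() - 1 bound with an explicit terminator (or a prior memset to 0) is terminated for every input.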