From: Mark M. <mie...@gm...> - 2013-05-28 14:59:18
|
Okay thanks. I also am a little nervous about the fix, which is the main reason I asked. I'm going to commit it for now.

--
Mark Miesfeld

On Tue, May 28, 2013 at 7:54 AM, Rick McGuire <obj...@gm...> wrote:

> To fix the immediate problem, that will work. I'm a little nervous about
> this still ending up as a functional stream object that might open a
> different filename if used though. That, however, would require a much
> more pervasive fix, so the simple fix is probably fine.
>
> Rick
>
>
> On Tue, May 28, 2013 at 10:51 AM, Mark Miesfeld <mie...@gm...> wrote:
>
>> Rick,
>>
>> The cause of this crash is fairly obvious. There is no check that the
>> string given as a file name is longer than the fixed length buffer.
>>
>> I'm not sure what the philosophy here is since it is part of the stream
>> stuff. There doesn't seem to be any provision for raising an error.
>>
>> One fix would be to just truncate the name to fit in the buffer:
>>
>> Index: interpreter/platform/windows/SysFileSystem.cpp >> =================================================================== >> --- interpreter/platform/windows/SysFileSystem.cpp (revision 9236) >> +++ interpreter/platform/windows/SysFileSystem.cpp (working copy)
>> @@ -138,7 +138,15 @@ >> return; /* nothing more to do >> } >> /* copy the name to full area */ >> - strcpy(qualifiedName, unqualifiedName); >> + if (strlen(unqualifiedName) >= bufferSize) >> + { >> + strncpy(qualifiedName, unqualifiedName, bufferSize - 1); >> + qualifiedName[bufferSize - 1] = '\0'; >> + } >> + else >> + { >> + strcpy(qualifiedName, unqualifiedName); >> + } >> >> size_t namelen = strlen(qualifiedName); >> /* name end in a colon? */
>>
>> At this point, that is the fix I would go with. Or would you want
>> something else?
>>
>> --
>> Mark Miesfeld
>>
>>
>> ------------------------------------------------------------------------------
>> Try New Relic Now & We'll Send You this Cool Shirt
>> New Relic is the only SaaS-based application performance monitoring
>> service
>> that delivers powerful full stack analytics. Optimize and monitor your
>> browser, app, & servers with just a few lines of code. Try New Relic
>> and get this awesome Nerd Life shirt!
>> http://p.sf.net/sfu/newrelic_d2d_may
>> _______________________________________________
>> Oorexx-devel mailing list
>> Oor...@li...
>> https://lists.sourceforge.net/lists/listinfo/oorexx-devel
|
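
Review bot: In the new `strlen(unqualifiedName) >= bufferSize` branch the over-long name is truncated silently, and the unchanged code after it (`size_t namelen = strlen(qualifiedName);` onward) carries on with a name the caller never supplied, so the resulting stream can refer to a different file than the one requested. Since no error path is visible in this hunk, consider treating an over-long name as a failure, for example by setting `qualifiedName[0] = '\0'` and returning, or at minimum add a comment stating that the truncation is deliberate and what the caller should expect. The `if`/`else` is also redundant: `strncpy(qualifiedName, unqualifiedName, bufferSize - 1);` followed by `qualifiedName[bufferSize - 1] = '\0';` is correct for short names as well, which would remove the remaining bare `strcpy` from this function.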