[Plplot-cvs] SF.net SVN: plplot:[9476] trunk/src

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Revision: 9476
          http://plplot.svn.sourceforge.net/plplot/?rev=9476&view=rev
Author:   andrewross
Date:     2009-02-08 22:26:44 +0000 (Sun, 08 Feb 2009)

Log Message:
-----------
strncpy does not guarantee that the destination string will be null terminated if the 
source string is too long.

Modified Paths:
--------------
    trunk/src/plargs.c
    trunk/src/plbox.c
    trunk/src/plcore.c
    trunk/src/plctrl.c
    trunk/src/plfreetype.c
    trunk/src/plmap.c

Modified: trunk/src/plargs.c
===================================================================

--- trunk/src/plargs.c	2009-02-08 22:05:56 UTC (rev 9475)
+++ trunk/src/plargs.c	2009-02-08 22:26:44 UTC (rev 9476)
@@ -1668,6 +1668,7 @@
     PLFLT xl, yl, xr, yr;
 
     strncpy(opttmp, optarg, OPTMAX-1);
+    opttmp[OPTMAX-1] = '\0';
 
     if ((field = strtok(opttmp, ",")) == NULL)
 	return 1;
@@ -2090,6 +2091,7 @@
 /* Set up plplot dimensions */
 
     strncpy(opttmp, optarg, OPTMAX-1);
+    opttmp[OPTMAX-1] = '\0';
     if (strchr (opttmp, 'x')) {
 
     /* -geometry WxH or -geometry WxH+Xoff+Yoff */
@@ -2162,6 +2164,7 @@
     PLINT xwid = 0, ywid = 0, xoff = 0, yoff = 0;
 
     strncpy(opttmp, optarg, OPTMAX-1);
+    opttmp[OPTMAX-1] = '\0';
     if (strchr (opttmp, 'x')) {
 	field = strtok (opttmp, "x");
 	xdpi = atof (field);

Modified: trunk/src/plbox.c
===================================================================
--- trunk/src/plbox.c	2009-02-08 22:05:56 UTC (rev 9475)
+++ trunk/src/plbox.c	2009-02-08 22:26:44 UTC (rev 9476)
@@ -1428,6 +1428,7 @@
 
 	snprintf(form, FORMAT_LEN, "%%.%df", (int) prec);
 	snprintf(temp, TEMP_LEN, form, value);
-	strncpy(string, temp, len);
+	strncpy(string, temp, len-1);
+        string[len-1] = '\0';
     }
 }

Modified: trunk/src/plcore.c
===================================================================
--- trunk/src/plcore.c	2009-02-08 22:05:56 UTC (rev 9475)
+++ trunk/src/plcore.c	2009-02-08 22:26:44 UTC (rev 9476)
@@ -683,6 +683,7 @@
                   if (ptr == NULL) {
                     char buf[BUFFER_SIZE];
                     strncpy (buf, string, 30);
+                    buf[30] = '\0';
                     snprintf (buf, BUFFER_SIZE, "UTF-8 string is malformed: %s%s",
                              buf, strlen (string) > 30 ? "[...]" : "");
                     plabort (buf);

Modified: trunk/src/plctrl.c
===================================================================
--- trunk/src/plctrl.c	2009-02-08 22:05:56 UTC (rev 9475)
+++ trunk/src/plctrl.c	2009-02-08 22:26:44 UTC (rev 9476)
@@ -1619,12 +1619,12 @@
 plFindName(char *p)
 {
     int n;
-    char buf[1024], *cp;
+    char buf[PLPLOT_MAX_PATH], *cp;
     extern int errno;
     struct stat sbuf;
 
     pldebug("plFindName", "Trying to find %s\n", p);
-    while ((n = readlink(p, buf, 1024)) > 0) {
+    while ((n = readlink(p, buf, PLPLOT_MAX_PATH)) > 0) {
 	pldebug("plFindName", "Readlink read %d chars at: %s\n", n, p);
 	if (buf[0] == '/') {
 	/* Link is an absolute path */
@@ -1860,8 +1860,8 @@
     if (suffix == NULL)
       snprintf (pls->FileName, maxlen, "%s.%s", pls->BaseName, num);
     else {
-      strncpy (prefix, pls->BaseName, BUFFER_SIZE);
-      prefix [suffix - pls->BaseName] = 0;
+      strncpy (prefix, pls->BaseName, BUFFER_SIZE-1);
+      prefix [(suffix - pls->BaseName<BUFFER_SIZE)?(suffix-pls->BaseName):BUFFER_SIZE-1] = '\0';
       snprintf (pls->FileName, maxlen, "%s%s%s", prefix, num, suffix + 2);
     }
 
@@ -1894,10 +1894,11 @@
     suffix = strstr (fnam, "%n");
 
     if (suffix == NULL)
-      strncpy(pls->FileName, fnam, maxlen);
+      strncpy(pls->FileName, fnam, maxlen-1);
+      pls->FileName[maxlen-1] = '\0';
     else {
-      strncpy (prefix, fnam, BUFFER_SIZE);
-      prefix [suffix - fnam] = 0;
+      strncpy (prefix, fnam, BUFFER_SIZE-1);
+      prefix [(suffix - fnam)<BUFFER_SIZE?(suffix-fnam):BUFFER_SIZE-1] = '\0';
       snprintf (pls->FileName, maxlen, "%s%s", prefix, suffix + 2);
     }
 
@@ -1909,7 +1910,8 @@
         plexit("plP_sfnam: Insufficient memory");
       }
 
-    strncpy(pls->BaseName, fnam, maxlen);
+    strncpy(pls->BaseName, fnam, maxlen-1);
+    pls->BaseName[maxlen-1] = '\0';
 }
 
 /*--------------------------------------------------------------------------*\

Modified: trunk/src/plfreetype.c
===================================================================
--- trunk/src/plfreetype.c	2009-02-08 22:05:56 UTC (rev 9475)
+++ trunk/src/plfreetype.c	2009-02-08 22:26:44 UTC (rev 9476)
@@ -597,10 +597,11 @@
 #if defined(MSDOS) || defined(WIN32)
     static char *default_font_names[]={"arial.ttf","times.ttf","timesi.ttf","arial.ttf",
 				       "symbol.ttf"};
-    char WINDIR_PATH[255];
+    char WINDIR_PATH[PLPLOT_MAX_PATH];
     char *b;
     b=getenv("WINDIR");
-    strncpy(WINDIR_PATH,b,255);
+    strncpy(WINDIR_PATH,b,PLPLOT_MAX_PATH-1);
+    WINDIR_PATH[PLPLOT_MAX_PATH-1] = '\0';
 #else
     const char *default_unix_font_dir=PL_FREETYPE_FONT_DIR;
 #endif
@@ -647,7 +648,7 @@
     }
     else
     {
-      strncat(WINDIR_PATH,"\\fonts\\arial.ttf",255);
+      strncat(WINDIR_PATH,"\\fonts\\arial.ttf",PLPLOT_MAX_PATH);
       if (access(WINDIR_PATH, F_OK)==0)
         {
           b=strrchr(WINDIR_PATH,'\\');
@@ -672,10 +673,11 @@
  */
 
     if ((a = getenv("PLPLOT_FREETYPE_FONT_DIR")) != NULL)
-        strncpy(font_dir,a,PLPLOT_MAX_PATH);
+        strncpy(font_dir,a,PLPLOT_MAX_PATH-1);
     else
-        strncpy(font_dir,default_unix_font_dir,PLPLOT_MAX_PATH);
+        strncpy(font_dir,default_unix_font_dir,PLPLOT_MAX_PATH-1);
 
+    font_dir[PLPLOT_MAX_PATH-1] = '\0';
 #endif
 
 /*
@@ -701,17 +703,18 @@
 #else
 	    if ((a[0]=='/')||(a[0]=='~')) /* check for unix abs path */
 #endif
-		strncpy(FT->font_name[i],a,PLPLOT_MAX_PATH);
+		strncpy(FT->font_name[i],a,PLPLOT_MAX_PATH-1);
 
 	    else {
-		strncpy(FT->font_name[i],font_dir,PLPLOT_MAX_PATH);
-		strncat(FT->font_name[i],a,PLPLOT_MAX_PATH);
+		strncpy(FT->font_name[i],font_dir,PLPLOT_MAX_PATH-1);
+		strncat(FT->font_name[i],a,PLPLOT_MAX_PATH-1);
 	    }
 
 	} else {
-	    strncpy(FT->font_name[i],font_dir,PLPLOT_MAX_PATH);
-	    strncat(FT->font_name[i],(char *)TrueTypeLookup[i].pfont,PLPLOT_MAX_PATH);
+	    strncpy(FT->font_name[i],font_dir,PLPLOT_MAX_PATH-1);
+	    strncat(FT->font_name[i],(char *)TrueTypeLookup[i].pfont,PLPLOT_MAX_PATH-1);
 	}
+        FT->font_name[i][PLPLOT_MAX_PATH-1] = '\0';
 
    {
    FILE *infile ;

Modified: trunk/src/plmap.c
===================================================================
--- trunk/src/plmap.c	2009-02-08 22:05:56 UTC (rev 9475)
+++ trunk/src/plmap.c	2009-02-08 22:26:44 UTC (rev 9476)
@@ -105,6 +105,7 @@
      */
     strncpy(filename,type,100);
     strncat(filename,MAP_FILE,100);
+    filename[99] = '\0';
 
     if ((in = plLibOpenPdfstrm(filename)) == NULL)
 	return;


This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.




[Plplot-cvs] SF.net SVN: plplot:[9476] trunk/src

Cross-platform, scientific graphics plotting library

[Plplot-cvs] SF.net SVN: plplot:[9476] trunk/src