unofficial mirror of bug-gnu-emacs@gnu.org 
* bug#11372: [PATCH] avoid buffer overrun: NUL-terminate after strncpy
From: Jim Meyering @ 2012-04-28 21:56 UTC
  To: 11372

strncpy is often misused.
I would argue that nearly any use constitutes misuse.

Here are a few fixes:

2012-04-28  Jim Meyering  <meyering@redhat.com>

	avoid buffer overrun: NUL-terminate after strncpy
	* lib-src/pop.c (pop_stat, pop_list, pop_multi_first, pop_last):
	NUL-terminate the error buffer.
	* src/w32font.c (fill_in_logfont): NUL-terminate logfont face name.

---
 lib-src/pop.c |    8 +++++++-
 src/w32font.c |    7 +++++--
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/lib-src/pop.c b/lib-src/pop.c
index 37494d1..c4c7f2b 100644
--- a/lib-src/pop.c
+++ b/lib-src/pop.c
@@ -346,6 +346,7 @@ pop_stat (popserver server, int *count, int *size)
       if (0 == strncmp (fromserver, "-ERR", 4))
 	{
 	  strncpy (pop_error, fromserver, ERROR_MAX);
+	  pop_error[ERROR_MAX-1] = '\0';
 	}
       else
 	{
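Review bot: The new `pop_error[ERROR_MAX-1] = '\0';` in pop_stat is only in bounds if pop_error holds at least ERROR_MAX bytes, and its declaration is not part of this hunk. If pop_error is a true array, expressing both the strncpy bound and the terminator index through `sizeof pop_error` would keep the two from drifting apart should the buffer size change. A one-line comment saying that strncpy writes no NUL when the source is ERROR_MAX bytes or longer would also stop a later cleanup from dropping the assignment as redundant.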
@@ -447,7 +448,10 @@ pop_list (popserver server, int message, int **IDs, int **sizes)
       if (strncmp (fromserver, "+OK ", 4))
 	{
 	  if (! strncmp (fromserver, "-ERR", 4))
-	    strncpy (pop_error, fromserver, ERROR_MAX);
+	    {
+	      strncpy (pop_error, fromserver, ERROR_MAX);
+	      pop_error[ERROR_MAX-1] = '\0';
+	    }
 	  else
 	    {
 	      strcpy (pop_error,
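Review bot: The `else` branch directly below the changed lines in pop_list still calls `strcpy (pop_error,` with no bound, and the hunk ends before its source argument is visible. If that source is a fixed literal shorter than the buffer it is fine, but if any part of it comes from fromserver it needs the same bounded copy and terminator as the -ERR branch. Please confirm which it is, or extend the context so a reader of the patch can tell.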
@@ -687,6 +691,7 @@ pop_multi_first (popserver server, const char *command, char **response)
   if (0 == strncmp (*response, "-ERR", 4))
     {
       strncpy (pop_error, *response, ERROR_MAX);
+      pop_error[ERROR_MAX-1] = '\0';
       return (-1);
     }
   else if (0 == strncmp (*response, "+OK", 3))
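Review bot: This is the third call site in pop.c where the strncpy and the terminator have to be kept together by hand, here just before `return (-1);` in pop_multi_first. A small static helper that takes the server response, copies at most ERROR_MAX - 1 bytes into pop_error and always terminates would keep a future call site from forgetting the second line, and would bring each of these branches back to a single statement.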
@@ -860,6 +865,7 @@ pop_last (popserver server)
   if (! strncmp (fromserver, "-ERR", 4))
     {
       strncpy (pop_error, fromserver, ERROR_MAX);
+      pop_error[ERROR_MAX-1] = '\0';
       return (-1);
     }
   else if (strncmp (fromserver, "+OK ", 4))
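Review bot: Style point on `pop_error[ERROR_MAX-1] = '\0';` in pop_last, and on the same line in the three earlier pop.c hunks: the surrounding code puts spaces around binary operators (for example `0 == strncmp (...)`), so the index would read `ERROR_MAX - 1` to match.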
diff --git a/src/w32font.c b/src/w32font.c
index dab9f4c..8badace 100644
--- a/src/w32font.c
+++ b/src/w32font.c
@@ -2045,8 +2045,11 @@ fill_in_logfont (FRAME_PTR f, LOGFONT *logfont, Lisp_Object font_spec)
         /* Font families are interned, but allow for strings also in case of
            user input.  */
       else if (SYMBOLP (tmp))
-        strncpy (logfont->lfFaceName,
-		 SDATA (ENCODE_SYSTEM (SYMBOL_NAME (tmp))), LF_FACESIZE);
+	{
+	  strncpy (logfont->lfFaceName,
+		   SDATA (ENCODE_SYSTEM (SYMBOL_NAME (tmp))), LF_FACESIZE);
+	  logfont->lfFaceName[LF_FACESIZE-1] = '\0';
+	}
     }

   tmp = AREF (font_spec, FONT_ADSTYLE_INDEX);
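Review bot: Only the `else if (SYMBOLP (tmp))` branch of fill_in_logfont gets the terminator, but the comment above it says strings are also allowed "in case of user input", which implies an earlier branch that lies outside this hunk. If that branch also copies into logfont->lfFaceName with strncpy and LF_FACESIZE, it has the same unterminated-buffer problem and should get the same `logfont->lfFaceName[LF_FACESIZE-1] = '\0';` line. Widening the context or mentioning that branch in the ChangeLog entry would make it clear whether it was checked.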
--
1.7.10.382.g62bc8






* bug#11372: [PATCH] avoid buffer overrun: NUL-terminate after strncpy
From: Chong Yidong @ 2012-05-02 10:10 UTC
  To: Jim Meyering; +Cc: 11372

Jim Meyering <jim@meyering.net> writes:

> strncpy is often misused.
> I would argue that nearly any use constitutes misuse.
>
> Here are a few fixes:

Thanks, committed to the emacs-24 branch.







Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/emacs.git
