diff options
| author | Norbert Thiebaud <nthiebaud@gmail.com> | 2014-10-04 00:36:34 -0500 |
|---|---|---|
| committer | Norbert Thiebaud <nthiebaud@gmail.com> | 2014-10-04 08:58:12 -0500 |
| commit | cb5eb3e7e79f612f036d5f0dd54f12a907f35ea7 (patch) | |
| tree | ec7def63d5d909a9c0f9378b4e7adaf33d6bac2c | |
| parent | 0091f937116550a9f5e30bf200f536701cc0b068 (diff) | |
coverity#706152 Copy into fixed size buffer
Change-Id: Ib347f650d060e7762a367133a1218c2d34c9ce73
| -rw-r--r-- | rsc/source/rscpp/cpp.h | 2 | ||||
| -rw-r--r-- | rsc/source/rscpp/cpp2.c | 47 |
2 files changed, 39 insertions, 10 deletions
diff --git a/rsc/source/rscpp/cpp.h b/rsc/source/rscpp/cpp.h index 1a9f5c6a9841..e12ec0b85381 100644 --- a/rsc/source/rscpp/cpp.h +++ b/rsc/source/rscpp/cpp.h @@ -293,7 +293,7 @@ void doinclude( void ); void dodefine( void ); void doif( int hash ); int openinclude( char*, int ); -int hasdirectory( char*, char* ); +int hasdirectory( char*, char*, int ); int openfile( char* ); /* cpp3.c */ diff --git a/rsc/source/rscpp/cpp2.c b/rsc/source/rscpp/cpp2.c index 4a564dad205c..f082275f227c 100644 --- a/rsc/source/rscpp/cpp2.c +++ b/rsc/source/rscpp/cpp2.c @@ -415,6 +415,8 @@ FILE_LOCAL int openinclude(char* filename, int searchlocal) { char** incptr; char tmpname[NFWORK]; /* Filename work area */ + int len; + int len2; if (searchlocal) { @@ -427,17 +429,36 @@ FILE_LOCAL int openinclude(char* filename, int searchlocal) * source file (as opposed to the current directory). (ARF, SCK). */ if (filename[0] != '/' && - hasdirectory(infile->filename, tmpname)) + hasdirectory(infile->filename, tmpname, NFWORK)) { - strcat(tmpname, filename); + len = strlen(tmpname); + len2 = strlen(filename); + if(len + len2 < NFWORK) + { + memcpy(tmpname + len, filename, len2); + tmpname[len + len2] = 0; + } + else + { + cfatal("Filename work buffer overflow", NULLST); + } } else { - strcpy(tmpname, filename); + len = strlen(filename); + if(len < NFWORK) + { + memcpy(tmpname, filename, len); + tmpname[len] = 0; + } + else + { + cfatal("Filename work buffer overflow", NULLST); + } } #else - if (!hasdirectory(filename, tmpname) && - hasdirectory(infile->filename, tmpname)) + if (!hasdirectory(filename, tmpname, NFWORK) && + hasdirectory(infile->filename, tmpname, NFWORK)) { strcat(tmpname, filename); } @@ -471,7 +492,7 @@ FILE_LOCAL int openinclude(char* filename, int searchlocal) else sprintf(tmpname, "%s\\%s", *incptr, filename); #else - if (!hasdirectory(filename, tmpname)) + if (!hasdirectory(filename, tmpname, NFWORK)) sprintf(tmpname, "%s%s", *incptr, filename); #endif if (openfile(tmpname)) @@ -486,7 +507,7 @@ FILE_LOCAL int openinclude(char* filename, int searchlocal) * node/device/directory part of the string is copied to result and * hasdirectory returns TRUE. Else, nothing is copied and it returns FALSE. */ -FILE_LOCAL int hasdirectory(char* source, char* result) +FILE_LOCAL int hasdirectory(char* source, char* result, int max) { #if HOST == SYS_UNIX char* tp; @@ -495,8 +516,16 @@ FILE_LOCAL int hasdirectory(char* source, char* result) return (FALSE); else { - strncpy(result, source, tp - source + 1); - result[tp - source + 1] = EOS; + int len = (int)(tp - source); + if(len < max) + { + memcpy(result, source, len); + result[len] = 0; + } + else + { + cfatal("Filename work buffer overflow", NULLST); + } return (TRUE); } #else |