little bugs in libmutt/lib.c
- From: Emmanuel <e allaud wanadoo fr>
- To: balsa-list gnome org
- Subject: little bugs in libmutt/lib.c
- Date: Mon, 18 Jun 2001 10:35:00 +0200
Hi all,
other small bugs in libmutt/lib.c (patch attached):
- Line 1085: possible buffer overflow: if count == sizeof(prefix), then
*cp = 0 writes past the end of the prefix buffer
- Line 1102: same thing for ifstring
- Line 1114: same thing for elsestring
- Line 1336: handle the case l < 6; l - 6 would be negative, but l is of type size_t
(is that a real problem?)
Bye
Manu
--- lib.c Tue Feb 13 10:31:05 2001
+++ lib.c.corr Mon Jun 18 10:28:52 2001
@@ -207,7 +207,7 @@
{
for (; t; t = t->next)
{
- if (!mutt_strncasecmp (s, t->data, mutt_strlen (t->data)) || *t->data == '*')
+ if (*t->data == '*' || !mutt_strncasecmp (s, t->data, mutt_strlen (t->data)))
return 1;
}
return 0;
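Review bot: With the operands swapped, `*t->data` is now dereferenced before anything else, so a list node whose data pointer is NULL would fault on this line. In the old order the dereference was reached only when the prefix compare failed. Whether such a node can exist depends on how the list is built and on whether mutt_strlen and mutt_strncasecmp tolerate NULL, neither of which is visible in this hunk. If NULL entries are possible, guard the test: `if (t->data && (*t->data == '*' || !mutt_strncasecmp (s, t->data, mutt_strlen (t->data))))`. The enclosing function begins above the hunk.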
@@ -902,8 +902,9 @@
{
char *p;
- for (p = s + mutt_strlen (s) - 1 ; p >= s && ISSPACE (*p) ; p--)
- *p = 0;
+ for (p = s + mutt_strlen (s) - 1 ; p >= s && ISSPACE (*p) ; p--);
+ if (p>=s) *(p+1)=0;
+ else *s=0;
}
void mutt_pretty_size (char *s, size_t len, long n)
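Review bot: The new `else *s=0;` branch stores through s even when the loop never ran, so a NULL s now faults, whereas the old loop would simply have been skipped if mutt_strlen returns 0 for NULL (not visible here). For an empty string the initializer still forms `s - 1`, a pointer before the object, which is undefined behaviour to compute or compare. The empty loop body behind the trailing `;` is also easy to misread. Counting down a length instead of a pointer avoids all three and needs a single store. The function's signature is above the hunk.

```c
/* … unchanged: function signature and opening brace … */
size_t n = mutt_strlen (s);

/* index from the end so no pointer before s is ever formed */
while (n > 0 && ISSPACE (s[n - 1]))
  n--;
if (s)
  s[n] = 0;
```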
@@ -1075,7 +1076,7 @@
/* eat the format string */
cp = prefix;
count = 0;
- while (count < sizeof (prefix) &&
+ while (count < sizeof (prefix)-1 &&
(isdigit ((unsigned char) *src) || *src == '.' || *src == '-'))
{
*cp++ = *src++;
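Review bot: The `sizeof (prefix)-1` bound in this loop, and the matching bounds for ifstring and elsestring in the next two hunks, is correct only while those names are arrays declared in this scope. Their declarations are outside the hunks, and if any of them were a pointer the bound would silently become the pointer size minus one. The reason for the `-1` is not stated at the loop either, so I would add `/* reserve one byte for the terminating NUL stored after the loop */` above each `while`. Input longer than the buffer is now truncated without any signal, leaving src in the middle of the token, so it is worth confirming that the code after each loop copes with that. The loop bodies continue past the end of each hunk.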
@@ -1098,7 +1099,7 @@
/* eat the `if' part of the string */
cp = ifstring;
count = 0;
- while (count < sizeof (ifstring) && *src && *src != '?' && *src != '&')
+ while (count < sizeof (ifstring)-1 && *src && *src != '?' && *src != '&')
{
*cp++ = *src++;
count++;
@@ -1110,7 +1111,7 @@
src++; /* skip the & */
cp = elsestring;
count = 0;
- while (count < sizeof (elsestring) && *src && *src != '?')
+ while (count < sizeof (elsestring)-1 && *src && *src != '?')
{
*cp++ = *src++;
count++;
@@ -1331,7 +1332,8 @@
}
/* leave some space for the trailing characters. */
- l -= 6;
+ if (l>=6) l -= 6;
+ else l=0;
d[j++] = '\'';
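Review bot: Clamping l to 0 stops the size_t wrap-around, but the `d[j++] = '\''` on the next line still stores into d unconditionally. A caller passing a buffer shorter than the six reserved bytes can therefore still be written past its end. Rejecting the short buffer before the first store would close that, for example `if (l < 6) { if (l) *d = 0; return 0; }`, with the return value adapted to the function's contract, which is outside the hunk. The rest of the body, including whatever loop uses l as its bound, is not visible here either.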