bbs/deb-goldedplus
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix buffer overfow with zeroing stack

Browse Source
This commit is contained in:
Stas Degteff 2011-02-22 20:25:14 +00:00
parent a698156d4d
commit ce9dabb83f
1 changed files with 12 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
golded3/geutil.cpp
View File

@ -38,13 +38,14 @@ extern GPickArealist* PickArealist;
// ------------------------------------------------------------------
void update_statuslines() {
char buf[200]; /* FIXME: it is need to use dynamic arrays in this fuction to prevent buffer overflow or screen garbage */
char * const buf_end = buf+199;
static char old_status_line[200] = "";
char * const old_status_line_end = old_status_line+199;
# define BUFSIZE 200
# define BUFLEN 199
char buf[BUFSIZE]=""; /* FIXME: it is need to use dynamic arrays in this fuction to prevent buffer overflow or screen garbage */
char * const buf_end = buf+BUFLEN;
static char old_status_line[BUFSIZE] = "";
char * const old_status_line_end = old_status_line+BUFLEN;
static int called = NO;
const int WIDE= sizeof(buf)>MAXCOL? MAXCOL : sizeof(buf)-1;
const int WIDE= BUFLEN>MAXCOL? MAXCOL : BUFLEN;
HandleGEvent(EVTT_REMOVEVOCBUF);
@ -54,7 +55,7 @@ void update_statuslines() {
called = YES;
vchar sep = _box_table(W_BSTAT, 3);
char help[200], clkinfo[200];
char help[BUFSIZE], clkinfo[BUFSIZE];
*clkinfo = NUL;
*help = NUL;
@ -86,15 +87,12 @@ void update_statuslines() {
int help_len = strlen(help);
int clk_len = strlen(clkinfo);
int len = WIDE-help_len-clk_len-2;
// LOG.printf("! --- %i bytes help=\"%s\"", help_len, help?help:"NULL");
// LOG.printf("! --- %i bytes information=\"%s\"", len, information?information:"NULL");
// LOG.printf("! --- %i bytes clkinfo=\"%s\"", clk_len, clkinfo?clkinfo:"NULL");
gsprintf(PRINTF_DECLARE_BUFFER(buf), "%c%s%-*.*s%s ", goldmark, help, len, len, information, clkinfo);
char *begin = buf;
char *obegin = old_status_line;
char *end = buf + WIDE;
char *oend = old_status_line + WIDE;
char *end = buf + WIDE-1; // last position before final '\0'
char *oend = old_status_line + WIDE-1; // last position before final '\0'
while((*begin != NUL) and (*begin == *obegin) and (begin<buf_end) and (obegin<old_status_line_end)) {
++begin;
++obegin;
@ -130,6 +128,8 @@ void update_statuslines() {
gmou.ShowCursor();
#endif
}
# undef BUFSIZE
# undef BUFLEN
} /* update_statuslines() */