From ce9dabb83ff590c1c0814b10d18a3acf218d3ba5 Mon Sep 17 00:00:00 2001
From: Stas Degteff
Date: Tue, 22 Feb 2011 20:25:14 +0000
Subject: [PATCH] Fix buffer overfow with zeroing stack
---
 golded3/geutil.cpp | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/golded3/geutil.cpp b/golded3/geutil.cpp
index 896afd8..4f3f2b8 100644
--- a/golded3/geutil.cpp
+++ b/golded3/geutil.cpp
@@ -38,13 +38,14 @@ extern GPickArealist* PickArealist;
 // ------------------------------------------------------------------
 void update_statuslines() {
-
- char buf[200]; /* FIXME: it is need to use dynamic arrays in this fuction to prevent buffer overflow or screen garbage */
- char * const buf_end = buf+199;
- static char old_status_line[200] = "";
- char * const old_status_line_end = old_status_line+199;
+# define BUFSIZE 200
+# define BUFLEN 199
+ char buf[BUFSIZE]=""; /* FIXME: it is need to use dynamic arrays in this fuction to prevent buffer overflow or screen garbage */
+ char * const buf_end = buf+BUFLEN;
+ static char old_status_line[BUFSIZE] = "";
+ char * const old_status_line_end = old_status_line+BUFLEN;
 static int called = NO;
- const int WIDE= sizeof(buf)>MAXCOL? MAXCOL : sizeof(buf)-1;
+ const int WIDE= BUFLEN>MAXCOL? MAXCOL : BUFLEN;
 HandleGEvent(EVTT_REMOVEVOCBUF);
@@ -54,7 +55,7 @@ void update_statuslines() {
 called = YES;
 vchar sep = _box_table(W_BSTAT, 3);
- char help[200], clkinfo[200];
+ char help[BUFSIZE], clkinfo[BUFSIZE];
 *clkinfo = NUL;
 *help = NUL;
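Review bot: `BUFSIZE` and `BUFLEN` are written as two independent literals at the top of update_statuslines(), so the relation `BUFLEN == BUFSIZE-1` that `buf_end`, `old_status_line_end` and `WIDE` rely on is kept only by hand. A later edit to one value alone would move those end pointers and the width out of step with the arrays again, which is the class of error this commit is fixing. Deriving one from the other, for example `enum { BUFSIZE = 200, BUFLEN = BUFSIZE - 1 };` inside the function, keeps them tied together and does not leave the two names defined for the rest of the translation unit the way a `#define` in a function body does. No `#undef` is visible in this hunk, and the function body continues outside it.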
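Review bot: `help` and `clkinfo` are each declared with the full `BUFSIZE`, the same size as the `buf` they are later formatted into together, so nothing bounds their combined length below `WIDE`. The following hunk computes `len = WIDE-help_len-clk_len-2` with no lower bound, and under standard printf rules a negative value for the `.*` precision is treated as if no precision were given, so `information` would be emitted untruncated. Whether `gsprintf` with `PRINTF_DECLARE_BUFFER(buf)` limits the write to the size of `buf` cannot be seen from this patch. A clamp right after the computation, `if (len < 0) len = 0;`, would keep the formatted line within `WIDE` either way. The function body continues outside this hunk.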
@@ -86,15 +87,12 @@ void update_statuslines() {
 int help_len = strlen(help);
 int clk_len = strlen(clkinfo);
 int len = WIDE-help_len-clk_len-2;
-// LOG.printf("! --- %i bytes help=\"%s\"", help_len, help?help:"NULL");
-// LOG.printf("! --- %i bytes information=\"%s\"", len, information?information:"NULL");
-// LOG.printf("! --- %i bytes clkinfo=\"%s\"", clk_len, clkinfo?clkinfo:"NULL");
 gsprintf(PRINTF_DECLARE_BUFFER(buf), "%c%s%-*.*s%s ", goldmark, help, len, len, information, clkinfo);
 char *begin = buf;
 char *obegin = old_status_line;
- char *end = buf + WIDE;
- char *oend = old_status_line + WIDE;
+ char *end = buf + WIDE-1; // last position before final '\0'
+ char *oend = old_status_line + WIDE-1; // last position before final '\0'
 while((*begin != NUL) and (*begin == *obegin) and (begin