[cig-commits] r5361 - mc/3D/CitcomS/trunk/lib

[leif at geodynamics.org]

Author: leif
Date: 2006-11-27 23:33:41 -0800 (Mon, 27 Nov 2006)
New Revision: 5361

Modified:
   mc/3D/CitcomS/trunk/lib/Instructions.c
Log:
Rewrote expand_str() in order to:
  1) avoid potential buffer overflow;
  2) avoid the use of non-standard strndup();
  3) avoid the use of the heap altogether.
(Prompted by unresolved strndup on Mac OS X.)


Modified: mc/3D/CitcomS/trunk/lib/Instructions.c
===================================================================
--- mc/3D/CitcomS/trunk/lib/Instructions.c	2006-11-28 05:00:42 UTC (rev 5360)
+++ mc/3D/CitcomS/trunk/lib/Instructions.c	2006-11-28 07:33:41 UTC (rev 5361)
@@ -32,6 +32,7 @@
 #include <math.h>
 #include <string.h>
 #include <stdlib.h>
+#include <stddef.h>
 #include <sys/stat.h>
 #include <sys/errno.h>
 #include <unistd.h>
@@ -1060,25 +1061,29 @@
 static void expand_str(char *src, size_t max_size,
 		       const char *target, const char *value)
 {
-    char *pos, *end, *tmp;
+    char *pos, *end, *new_end;
+    size_t end_len, value_len;
 
     /* is target a substring of src? */
     pos = strstr(src, target);
     if (pos != NULL) {
-	/* the end char of target */
+        value_len = strlen(value);
+
+	/* the end part of the original string... */
 	end = pos + strlen(target);
+        /* ...and where it is going */
+        new_end = pos + value_len;
+        end_len = strlen(end);
+        if (new_end + end_len >= src + max_size) {
+            /* too long */
+            return;
+        }
 
-	/* make a copy of the 2nd part of the original string */
-	tmp = strndup(end, max_size);
+	/* move the end part of the original string */
+        memmove(new_end, end, end_len + 1); /* incl. null byte */
 
-	/* terminate src at pos */
-	*pos = '\0';
-
-	/* src + value + end */
-	strncat(src, value, max_size);
-	strncat(src, tmp, max_size);
-
-	free(tmp);
+        /* insert the value */
+        memcpy(pos, value, value_len);
     }
 }