[cig-commits] [commit] devel, master: Prevent possible out-of-bounds write. (760ea4d)

cig_noreply at geodynamics.org cig_noreply at geodynamics.org
Thu Nov 6 08:30:39 PST 2014 

Repository : https://github.com/geodynamics/specfem3d_globe

On branches: devel,master
Link       : https://github.com/geodynamics/specfem3d_globe/compare/bc58e579b3b0838a0968725a076f5904845437ca...be63f20cbb6f462104e949894dbe205d2398cd7f

>---------------------------------------------------------------

commit 760ea4deb703a469d8cddb676fb58fda65daf6fa
Author: Elliott Sales de Andrade <esalesde at physics.utoronto.ca>
Date:   Tue Sep 9 22:48:19 2014 -0400

    Prevent possible out-of-bounds write.
    
    LINE_MAX may be system defined to something greater than the string
    length defined in Fortran. Of course, someone would also have to write a
    Par_file with an extremely long line too, but better safe than sorry.


>---------------------------------------------------------------

760ea4deb703a469d8cddb676fb58fda65daf6fa
 src/shared/param_reader.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/shared/param_reader.c b/src/shared/param_reader.c
index 56c2205..fa6bb60 100644
--- a/src/shared/param_reader.c
+++ b/src/shared/param_reader.c
@@ -127,6 +127,7 @@ FC_FUNC_(param_read,PARAM_READ)(char * string_read, int * string_read_len, char
   regmatch_t parameter[3];
   char * keyword;
   char * value;
+  size_t value_len;
 
   // Trim the keyword name we're looking for.
   namecopy = strndup(name, *name_len);
@@ -192,7 +193,10 @@ FC_FUNC_(param_read,PARAM_READ)(char * string_read, int * string_read_len, char
     value = strndup(line+parameter[2].rm_so, parameter[2].rm_eo-parameter[2].rm_so);
     // Clear out the return string with blanks, copy the value into it, and return.
     memset(string_read, ' ', *string_read_len);
-    strncpy(string_read, value, strlen(value));
+    value_len = strlen(value);
+    if (value_len > (size_t)*string_read_len)
+      value_len = *string_read_len;
+    strncpy(string_read, value, value_len);
     free(value);
     free(namecopy);
     *ierr = 0;

More information about the CIG-COMMITS mailing list