Re: [AD] strcat strcpy etc.. BUG found!
> I have noticed the src of allegro has a few strcat() and strcpy()
> shouldn't they be replaced with strNcat() and/or strNcpy() ?
Well, both strncat() and strncpy() are not very nice either, the first one
because it can write more characters than prescribed and the second one
because it doesn't always write the terminating null character.
> such as in /allegro417/src/win/wddbmp.c
> around lines 128-132:
>
>
> case DDERR_PRIMARYSURFACEALREADYEXISTS:
> strcpy(err_str, "DDERR_PRIMARYSURFACEALREADYEXISTS");
> break;
>
> this is a buffer overflow !
Doh! Darn longish Microsoft constants :-(
Now fixed in the CVS tree.
> and another suspicious one...
>
> /allegro417/src/dos/sndscape.c (lines 378):
>
>
> static int get_ini_config_entry(char *entry, char *dest, FILE *fp)
> {
> char str[83];
> char tokstr[33];
> char *p;
>
> /* make a local copy of the entry, upper-case it */
> strcpy(tokstr, entry);
>
> ****** this strcpy looks like it could overflow **********
Of course theoretically, but get_ini_config_entry() is only called on
"Product", "Port", "Waveport", "IRQ", "SBIRQ" and "DMA" so...
--
Eric Botcazou
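
An added example, not part of the original message or of Allegro's source: it measures the two behaviours the reply attributes to strncpy() and strncat(), next to a copy that always terminates and reports truncation. The helper names and the 16-byte buffer are assumptions; the thread does not give the size of err_str.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not Allegro's API): copy src into dest[dest_size],
 * always NUL-terminating. Returns 0 on success, -1 if src was truncated. */
int bounded_copy(char *dest, size_t dest_size, const char *src)
{
    size_t len = strlen(src);
    if (dest_size == 0) return -1;
    if (len >= dest_size) {
        memcpy(dest, src, dest_size - 1);
        dest[dest_size - 1] = '\0';
        return -1;
    }
    memcpy(dest, src, len + 1);
    return 0;
}

/* strncpy() writes no terminator when strlen(src) >= n.
 * Returns 1 if a NUL landed inside the first n bytes, 0 if not. */
int strncpy_terminates(const char *src, size_t n)
{
    char buf[64];
    if (n == 0 || n > sizeof(buf)) return -1;
    memset(buf, 'X', sizeof(buf));
    strncpy(buf, src, n);
    return memchr(buf, '\0', n) != NULL;
}

/* strncat() appends up to n characters and then a NUL, so it can write
 * n + 1 bytes. Returns the bytes written to an empty destination. */
size_t strncat_bytes_written(const char *src, size_t n)
{
    char buf[64] = "";
    if (n >= sizeof(buf)) return 0;
    strncat(buf, src, n);
    return strlen(buf) + 1;
}

int main(void)
{
    char small[16];  /* constructed size; the thread does not give err_str's */
    const char *name = "DDERR_PRIMARYSURFACEALREADYEXISTS";
    printf("strncpy terminated: %d\n", strncpy_terminates(name, sizeof(small)));
    printf("strncat bytes: %zu\n", strncat_bytes_written(name, 4));
    printf("bounded_copy: %d -> \"%s\"\n", bounded_copy(small, sizeof(small), name), small);
    return 0;
}
```

The constant quoted in the thread is 33 characters long, so it needs 34 bytes including the terminator and would not fit a buffer the size of tokstr[33] either.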