Re: [AD] strcat strcpy etc.. BUG found!



> I have noticed the src of Allegro has a few strcat() and strcpy()
> shouldn't they be replaced with strNcat() and/or strNcpy()?

Well, both strncat() and strncpy() are not very nice either, the first one 
because it can write more characters than prescribed and the second one 
because it doesn't always write the terminating null character.

> such as in  /allegro417/src/win/wddbmp.c
> around lines 128-132:
>
>
> case DDERR_PRIMARYSURFACEALREADYEXISTS:
>           strcpy(err_str, "DDERR_PRIMARYSURFACEALREADYEXISTS");
>           break;
>
> this is a buffer overflow!

Doh! Darn longish Microsoft constants :-(
Now fixed in the CVS tree.

> and another suspicious one...
>
> /allegro417/src/dos/sndscape.c (lines 378):
>
>
> static int get_ini_config_entry(char *entry, char *dest, FILE *fp)
> {
>     char str[83];
>     char tokstr[33];
>     char *p;
>
>     /* make a local copy of the entry, upper-case it */
>     strcpy(tokstr, entry);
>
> ****** this strcpy looks like it could overflow **********

Of course theoretically, but get_ini_config_entry() is only called on 
"Product", "Port", "Waveport", "IRQ", "SBIRQ" and "DMA" so...

-- 
Eric Botcazou
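
Added example, not part of the original message and not Allegro code: a bounded copy that always terminates and reports truncation, next to two probes showing the strncpy() and strncat() behaviour mentioned in the reply. The names copy_bounded, entry_fits, strncpy_unterminated and strncat_bytes are hypothetical; the buffer size 33 is taken from the quoted tokstr[33].

```c
#include <stdio.h>
#include <string.h>

#define TOKSTR_SIZE 33  /* size of tokstr[] in the quoted sndscape.c code */
#define LONG_NAME "DDERR_PRIMARYSURFACEALREADYEXISTS"  /* 33 chars + NUL */

/* Hypothetical helper: bounded copy, always NUL-terminated; -1 on truncation. */
int copy_bounded(char *dst, size_t size, const char *src)
{
    size_t len = strlen(src);
    if (size == 0) return -1;
    if (len >= size) {
        memcpy(dst, src, size - 1);
        dst[size - 1] = '\0';
        return -1;
    }
    memcpy(dst, src, len + 1);
    return 0;
}

/* The first step of get_ini_config_entry(), done with the bounded copy. */
int entry_fits(const char *entry)
{
    char tokstr[TOKSTR_SIZE];
    return copy_bounded(tokstr, sizeof tokstr, entry);
}

/* 1 if strncpy(buf, src, n) leaves buf[0..n-1] without a NUL. Needs n <= 64. */
int strncpy_unterminated(const char *src, size_t n)
{
    char buf[64];
    memset(buf, 'X', sizeof buf);
    strncpy(buf, src, n);
    return memchr(buf, '\0', n) == NULL;
}

/* Bytes strncat() writes into an empty buffer for limit n. Needs n < 64. */
size_t strncat_bytes(const char *src, size_t n)
{
    char buf[64] = "";
    strncat(buf, src, n);
    return strlen(buf) + 1;  /* appended characters plus the NUL */
}

int main(void)
{
    printf("fits: %d %d\n", entry_fits("Waveport"), entry_fits(LONG_NAME));
    printf("strncpy unterminated: %d, strncat bytes: %zu\n",
           strncpy_unterminated(LONG_NAME, TOKSTR_SIZE),
           strncat_bytes(LONG_NAME, TOKSTR_SIZE));
}
```

Passing the destination size as the limit is safe for neither function here: strncpy() leaves the 33-byte buffer unterminated and strncat() writes 34 bytes.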


