Annotation-Pushers
/
Annotation-System
1
Fork 0
Code Issues 1 Pull Requests Projects Releases Wiki Activity

cinera.c: Fix buffer overflow copying "output" 

This is a hotfix made just to allow using a max-length "output" value.
Next commit should fix buffer overflows for all copies to implicitly
null-terminated destinations.
This commit is contained in:
Matt Mascarenhas 2022-12-15 20:23:30 +00:00
parent ac4b155e73
commit e8ed2f0143
1 changed files with 21 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
cinera/cinera.c
View File

@ -23,7 +23,7 @@ typedef struct
version CINERA_APP_VERSION = {
.Major = 0,
.Minor = 10,
.Patch = 17
.Patch = 18
};
#define __USE_XOPEN2K8 // NOTE(matt): O_NOFOLLOW
@ -4249,6 +4249,25 @@ CopyStringNoFormat_(int LineNumber, char *Dest, int DestSize, string String)
return String.Length;
}
#define ClearCopyStringNoFormatOrTerminate(Dest, DestSize, String) ClearCopyStringNoFormatOrTerminate_(__LINE__, Dest, DestSize, String)
int
ClearCopyStringNoFormatOrTerminate_(int LineNumber, char *Dest, int DestSize, string String)
{
if(String.Length > DestSize)
{
printf("ClearCopyStringNoFormatOrTerminate() call on line %d has been passed a buffer too small (%d bytes) to contain %ld-character string:\n"
"%.*s\n", LineNumber, DestSize, String.Length, (int)String.Length, String.Base);
__asm__("int3");
}
Clear(Dest, DestSize);
for(int i = 0; i < String.Length; ++i)
{
*Dest++ = String.Base[i];
}
return String.Length;
}
#define ClearCopyStringNoFormat(Dest, DestSize, String) ClearCopyStringNoFormat_(__LINE__, Dest, DestSize, String)
int
ClearCopyStringNoFormat_(int LineNumber, char *Dest, int DestSize, string String)
@ -11129,7 +11148,7 @@ HMMLToBuffers(buffers *CollationBuffers, template *BespokeTemplate, string BaseF
if(Result == RC_SUCCESS)
{
ClearCopyStringNoFormat(N->WorkingThis.OutputLocation, sizeof(N->WorkingThis.OutputLocation), OutputLocation);
ClearCopyStringNoFormatOrTerminate(N->WorkingThis.OutputLocation, sizeof(N->WorkingThis.OutputLocation), OutputLocation);
buffer URLPlayer = {};
ClaimBuffer(&URLPlayer, BID_URL_PLAYER, MAX_BASE_URL_LENGTH + SLASH + MAX_RELATIVE_PAGE_LOCATION_LENGTH + SLASH + sizeof(N->WorkingThis.OutputLocation));