Browse code
Code tidy for bounds checking compilers
| ... | ... |
@@ -1,4 +1,9 @@ |
| 1 |
+Mon Feb 12 21:15:00 GMT 2007 (njh) |
|
| 2 |
+---------------------------------- |
|
| 3 |
+ * libclamav/entconv.c: Code tidy for bounds checking compilers |
|
| 4 |
+ |
|
| 1 | 5 |
Mon Feb 12 22:08:15 CET 2007 (acab) |
| 6 |
+---------------------------------- |
|
| 2 | 7 |
* libclamav/packlibs: fix possible heap overflow (thanks Edvin) |
| 3 | 8 |
|
| 4 | 9 |
Mon Feb 12 21:59:49 CET 2007 (tk) |
| ... | ... |
@@ -953,12 +953,15 @@ unsigned char* encoding_norm_readline(struct entity_conv* conv, FILE* stream_in, |
| 953 | 953 |
} |
| 954 | 954 |
else {
|
| 955 | 955 |
char buff[10]; |
| 956 |
+ const int len = strlen(buff); |
|
| 957 |
+ |
|
| 956 | 958 |
snprintf(buff,9,"&#%d;",u16); |
| 957 | 959 |
buff[9] = '\0'; |
| 958 |
- if(norm + strlen(buff) >= norm_end) |
|
| 960 |
+ if((norm_end - norm) <= len) |
|
| 961 |
+ /* prevent buffer overflow */ |
|
| 959 | 962 |
break; |
| 960 |
- strncpy((char*)norm, buff, strlen(buff)); |
|
| 961 |
- norm += strlen(buff); |
|
| 963 |
+ memcpy((char*)norm, buff, len); |
|
| 964 |
+ norm += len; |
|
| 962 | 965 |
} |
| 963 | 966 |
} |
| 964 | 967 |
conv->out_area.offset = i; /* so that we can resume next time from here */ |