Subject: Re: ed segfault
To: None <hypnosses@pulltheplug.org>
From: Jachym Holecek <freza@dspfpga.com>
List: tech-userlevel
Date: 06/09/2006 21:56:25
# hypnosses@pulltheplug.org 2006-06-09:
> ed segfaults with a large string due to strcpy(); below is a possible fix.

FWIW the below should be s/MAXPATHLEN - 1/MAXPATHLEN + 1/g, since
old_filename is defined as "char old_filename[MAXPATHLEN + 1]" and
strlcpy() should include the terminating NUL in size.

	-- Jachym

> Index: main.c
> ===================================================================
> RCS file: /cvsroot/src/bin/ed/main.c,v
> retrieving revision 1.17
> diff -u -r1.17 main.c
> --- main.c      26 Jun 2005 19:10:49 -0000      1.17
> +++ main.c      9 Jun 2006 19:25:03 -0000
> @@ -177,7 +177,7 @@
>                         if (read_file(*argv, 0) < 0 && !isatty(0))
>                                 quit(2);
>                         else if (**argv != '!')
> -                               strcpy(old_filename, *argv);
> +                               strlcpy(old_filename, *argv, MAXPATHLEN - 1);
>                 } else if (argc) {
>                         fputs("?\n", stderr);
>                         if (**argv == '\0')
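Review bot: The added strlcpy truncates silently, so when *argv is longer than the buffer, read_file() has already been called with the full name while old_filename records a different, shortened path, and every later command that reuses the current filename operates on a file the user never named. Instead of accepting the truncation, check strlcpy's return value and refuse the over-long name, e.g. `if (strlcpy(old_filename, *argv, sizeof old_filename) >= sizeof old_filename) quit(2);` here, with the corresponding `return ERR;` in the command paths of the hunks at 510, 537, 668 and 802; the 537 hunk additionally prints the truncated name as if it were the current file. The enclosing function starts and ends outside this hunk.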
> @@ -510,7 +510,7 @@
>                         return ERR;
>                 else if (open_sbuf() < 0)
>                         return FATAL;
> -               if (*fnp && *fnp != '!') strcpy(old_filename, fnp);
> +               if (*fnp && *fnp != '!') strlcpy(old_filename, fnp,
> MAXPATHLEN - 1);
>  #ifdef BACKWARDS
>                 if (*fnp == '\0' && *old_filename == '\0') {
>                         sprintf(errmsg, "no current filename");
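Review bot: The added strlcpy call in this hunk is split across two lines after `fnp,`, and the continuation `MAXPATHLEN - 1);` carries neither the `+` marker nor the indentation, so the patch as posted will not apply cleanly. Put the call on one line, `if (*fnp && *fnp != '!') strlcpy(old_filename, fnp, sizeof old_filename);`, before it is committed; the same over-long-filename concern noted on the first hunk applies here too. The enclosing function starts and ends outside this hunk.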
> @@ -537,7 +537,7 @@
>                         return ERR;
>                 }
>                 GET_COMMAND_SUFFIX();
> -               if (*fnp) strcpy(old_filename, fnp);
> +               if (*fnp) strlcpy(old_filename, fnp, MAXPATHLEN - 1);
>                 printf("%s\n", strip_escapes(old_filename));
>                 break;
>         case 'g':
> @@ -668,7 +668,7 @@
>                 GET_COMMAND_SUFFIX();
>                 if (!isglobal) clear_undo_stack();
>                 if (*old_filename == '\0' && *fnp != '!')
> -                       strcpy(old_filename, fnp);
> +                       strlcpy(old_filename, fnp, MAXPATHLEN - 1);
>  #ifdef BACKWARDS
>                 if (*fnp == '\0' && *old_filename == '\0') {
>                         sprintf(errmsg, "no current filename");
> @@ -802,7 +802,7 @@
>                         return ERR;
>                 GET_COMMAND_SUFFIX();
>                 if (*old_filename == '\0' && *fnp != '!')
> -                       strcpy(old_filename, fnp);
> +                       strlcpy(old_filename, fnp,MAXPATHLEN - 1);
>  #ifdef BACKWARDS
>                 if (*fnp == '\0' && *old_filename == '\0') {
>                         sprintf(errmsg, "no current filename");
> 
>