mifr/subsurface
1
0
Fork 0
mirror of https://github.com/subsurface/subsurface.git synced 2024-11-28 05:00:20 +00:00
Code Issues Projects Releases Packages Wiki Activity

Don't crash on loading tags longer than 127 chars

Browse source 
We didn't enforce a limit on tag length, but we would crash on a tag
longer than 127 chars.
This uses the xml buffer as scratch space. Don't really know if this is
fair, but it looks like it works.

Signed-off-by: Anton Lundin <glance@acc.umu.se>
Signed-off-by: Dirk Hohndel <dirk@hohndel.org>
This commit is contained in:
Anton Lundin 2013-12-11 21:21:51 +01:00 committed by Dirk Hohndel
parent 160fb321bc
commit 78acf20848
1 changed files with 5 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
parse-xml.c
View file

@ -218,7 +218,6 @@ enum ParseState {FINDSTART, FINDEND};
static void divetags(char *buffer, void *_tags)
{
struct tag_entry *tags = _tags;
char tag[128];
int i = 0, start = 0, end = 0;
enum ParseState state = FINDEND;
i=0;
@ -230,10 +229,9 @@ static void divetags(char *buffer, void *_tags)
/* Found end of tag */
if (i > 1) {
if(buffer[i-1] != '\\') {
strncpy(tag, buffer+start, end-start+1);
tag[end-start+1] = '\0';
buffer[end-start+1] = '\0';
state=FINDSTART;
taglist_add_tag(tags, tag);
taglist_add_tag(tags, buffer+start);
}
} else {
state=FINDSTART;
@ -256,9 +254,9 @@ static void divetags(char *buffer, void *_tags)
if (end < start)
end = strlen(buffer)-1;
if (strlen(buffer) > 0) {
strncpy(tag, buffer+start, end-start+1);
tag[end-start+1] = '\0';
taglist_add_tag(tags, tag);
buffer[end-start+1] = '\0';
state=FINDSTART;
taglist_add_tag(tags, buffer+start);
}
}
}