mifr/subsurface
1
0
Fork 0
mirror of https://github.com/subsurface/subsurface.git synced 2025-02-12 13:26:16 +00:00
Code Issues Projects Releases Packages Wiki Activity

Fix retrieval of object_id value in Uemis downloader

Browse source 
The existing code could read past the end of the buffer that was handed to
it.

Signed-off-by: Dirk Hohndel <dirk@hohndel.org>
This commit is contained in:
Dirk Hohndel 2012-12-05 13:43:36 -08:00
parent 240442cec9
commit afb53e387b
1 changed files with 15 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
uemis-downloader.c
View file

@ -322,9 +322,10 @@ static gboolean next_file(int max)
static char *first_object_id_val(char* buf) static char *first_object_id_val(char* buf)
{ {
char *object; char *object, *bufend;
if (!buf) if (!buf)
return NULL; return NULL;
bufend = buf + strlen(buf);
object = strstr(buf, "object_id"); object = strstr(buf, "object_id");
if (object) { if (object) {
/* get the value */ /* get the value */
@ -332,12 +333,18 @@ static char *first_object_id_val(char* buf)
char *p = object + 14; char *p = object + 14;
char *t = tmp; char *t = tmp;
if (p < buf + strlen(buf)) { #if UEMIS_DEBUG & 2
while (*p != '{' && t < tmp + 9) char debugbuf[50];
*t++ = *p++; strncpy(debugbuf, object, 49);
debugbuf[49] = '\0';
fprintf(debugfile, "buf |%s|\n", debugbuf);
#endif
while (p < bufend && *p != '{' && t < tmp + 9)
*t++ = *p++;
if (*p == '{') {
*t = '\0'; *t = '\0';
return strdup(tmp);
} }
return strdup(tmp);
} }
return NULL; return NULL;
} }
@ -350,6 +357,9 @@ static void show_progress(char *buf, char *what)
char *val = first_object_id_val(buf); char *val = first_object_id_val(buf);
if (val) { if (val) {
/* let the user know what we are working on */ /* let the user know what we are working on */
#if UEMIS_DEBUG & 2
fprintf(debugfile,"reading %s %s\n", what, val);
#endif
uemis_info(_("Reading %s %s"), what, val); uemis_info(_("Reading %s %s"), what, val);
free(val); free(val);
} }