From df51171352cb615cfa792ece05554afa212a3cbc Mon Sep 17 00:00:00 2001 From: Dirk Hohndel Date: Thu, 1 Oct 2015 21:49:00 -0400 Subject: [PATCH] Avoid possible NULL pointer dereference This makes the code more robust in case the Uemis returns random or non-sensical data. It's unlikely the user has a billion dives or that the Uemis returns such a number. That's no reason not to handle this case without crashing. Coverity CID 1325289 Signed-off-by: Dirk Hohndel --- uemis-downloader.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/uemis-downloader.c b/uemis-downloader.c index af0d6ced1..b79890599 100644 --- a/uemis-downloader.c +++ b/uemis-downloader.c @@ -840,11 +840,17 @@ static bool process_raw_buffer(device_data_t *devdata, uint32_t deviceid, char * * at the time it's being read the *dive varible is not set because * the dive_no tag comes before the object_id in the uemis ans file */ + dive_no[0] = '\0'; char *dive_no_buf = strdup(inbuf); char *dive_no_ptr = strstr(dive_no_buf, "dive_no{int{") + 12; - char *dive_no_end = strstr(dive_no_ptr, "{"); - *dive_no_end = 0; - strcpy(dive_no, dive_no_ptr); + if (dive_no_ptr) { + char *dive_no_end = strstr(dive_no_ptr, "{"); + if (dive_no_end) { + *dive_no_end = '\0'; + strncpy(dive_no, dive_no_ptr, 9); + dive_no[9] = '\0'; + } + } free(dive_no_buf); } while (!done) {