Custom Query (541 matches)

Results (37 - 39 of 541)

Ticket Resolution Summary Owner Reporter
#165 fixed Malformed calls to strncpy() in src/libsrc/util/ws_clientIIx.c somebody baker
Description

gcc version 4.2.1 (Mac OS X 10.6) issues warnings for src/libsrc/util/ws_clientIIx.c such as:

ws_clientIIx.c:2185: warning: call to __builtin___strncpy_chk will always overflow destination buffer

The compiler has caught an error in the last of four malformed strncpy() calls in lines 2182-2185:

  strncpy(PSCNL.sta,  getThis->sta,  sizeof(PSCNL.sta - 1));
  strncpy(PSCNL.chan, getThis->chan, sizeof(PSCNL.chan - 1));
  strncpy(PSCNL.net,  getThis->net,  sizeof(PSCNL.net - 1));
  strncpy(PSCNL.loc,  getThis->loc,  sizeof(PSCNL.loc - 1));

The correct code is:

  strncpy(PSCNL.sta,  getThis->sta,  sizeof(PSCNL.sta) - 1);
  strncpy(PSCNL.chan, getThis->chan, sizeof(PSCNL.chan) - 1);
  strncpy(PSCNL.net,  getThis->net,  sizeof(PSCNL.net) - 1);
  strncpy(PSCNL.loc,  getThis->loc,  sizeof(PSCNL.loc) - 1);

I haven't had time yet to work up a patch.

I did also search all the source for other similar instances using TextWrangler's multi-file search and the grep expression:

strncpy.*sizeof[(][^)]*[ ]*-[ ]*1[ ]*[)]

There were no other instances of similar errors.

#166 fixed Missing arguments to fprintf() and sprintf() somebody baker
Description

gcc version 4.2.1 (Mac OS X 10.6) found several instances of missing arguments to fprintf() and sprintf():

• In src/libsrc/qlib2/ms_utils.c, line 399:

		fprintf (stderr, "Warning: blockette %d	at offset=%d len=%d first_data=%d\n",
			 bl_type, bl_limit-offset, bl_len);

• In src/libsrc/qlib2/unpack.c, line 359:

		fprintf (info, "Error: unpack_steim2 - invalid ck, fn, wn = %d, %d %d\n", c);

• In src/data_sources/reftek2ew/send.c, line 110:

        sprintf(szErrText, "Error: unexpected error(%d) while processing "
                           "channel (%04X S%d C%d)\n",
                dt.unit, dt.stream, dt.chan);

I haven't had time yet to work up any patches.

#167 fixed Malformed calls to strncpy() in src/archiving/tankplayer_tools/tr2dump.c somebody baker
Description

gcc version 4.2.1 (Mac OS X 10.6) issues warnings for src/archiving/tankplayer_tools/tr2dump.c such as:

tr2dump.c:273: warning: call to __builtin___strncpy_chk will always overflow destination buffer

The source line is:

			strncpy(trh.chan, sChan, TRACE_CHAN_LEN);

The compiler has caught an error in the third of four malformed strncpy() calls in lines 266-277:

		if(sSta) {
			strncpy(trh.sta, sSta, TRACE_STA_LEN);
		}
		if(sNet) {
			strncpy(trh.net, sNet, TRACE_NET_LEN);
		}
		if(sChan) {
			strncpy(trh.chan, sChan, TRACE_CHAN_LEN);
		}
		if(sLoc) {
			strncpy(trh.loc, sLoc, TRACE_LOC_LEN);
		}

The source of the error is that the trh structure is declared as a TRACE2_HEADER:

	TRACE2_HEADER trh;

, yet the strncpy() limits are TRACE_HEADER values -- plus, they are not even correct (they are off by 1).

This is dangerous coding style. The length limits should be sizeof( dest ) - 1, as is done elsewhere.

The correct code is:

		if(sSta) {
			strncpy(trh.sta, sSta, sizeof(trh.sta) - 1);
		}
		if(sNet) {
			strncpy(trh.net, sNet, sizeof(trh.net) - 1);
		}
		if(sChan) {
			strncpy(trh.chan, sChan, sizeof(trh.chan) - 1);
		}
		if(sLoc) {
			strncpy(trh.loc, sLoc, sizeof(trh.loc) - 1);
		}

I haven't had time yet to work up a patch.

I also have not searched the rest of the code to locate instances of similar errors (wrong tracebuf constants, sizeof() should be used instead of constants, expression is off by 1). This should be done.
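
The two strncpy() bound mistakes reported in tickets #165 and #167, as an added example that is not part of the tickets or the project's source. `struct scnl_demo` and its field sizes are constructed stand-ins, and the explicit terminator write is an addition made here.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the SCNL structs in the tickets; sizes are constructed. */
struct scnl_demo {
    char sta[7];
    char chan[9];
    char net[9];
    char loc[3];
};

/* Ticket #165's form: "loc - 1" decays the array to char *, so this is sizeof(char *). */
size_t bound_as_written(void) {
    struct scnl_demo s;
    return sizeof(s.loc - 1);
}

/* The corrected form: array size minus one byte reserved for the terminator. */
size_t bound_corrected(void) {
    struct scnl_demo s;
    return sizeof(s.loc) - 1;
}

/* Returns 1 if dst[0..len) contains a '\0', else 0. */
static int is_terminated(const char *dst, size_t len) {
    return memchr(dst, '\0', len) != NULL;
}

/* Ticket #167's off-by-one: n == sizeof(dst) stays in bounds but, for a long
   source, strncpy writes no terminator. use_full_size selects that bound. */
int copy_loc_terminated(const char *src, int use_full_size) {
    struct scnl_demo s;
    memset(&s, 0xAA, sizeof s);                 /* constructed: non-zero stale bytes */
    size_t n = use_full_size ? sizeof(s.loc) : sizeof(s.loc) - 1;
    strncpy(s.loc, src, n);
    if (!use_full_size)
        s.loc[sizeof(s.loc) - 1] = '\0';        /* added here: explicit terminator */
    return is_terminated(s.loc, sizeof(s.loc));
}

int main(void) {
    printf("sizeof(loc - 1) = %zu, sizeof(loc) - 1 = %zu\n",
           bound_as_written(), bound_corrected());
    printf("full-size bound terminated: %d\n", copy_loc_terminated("LONGLOC", 1));
    printf("size-1 bound terminated:    %d\n", copy_loc_terminated("LONGLOC", 0));
    return 0;
}
```

Any field smaller than a pointer is overrun by the bound as written, which is why the compiler flagged only some of the four calls.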
