bbs/deb-goldedplus
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix buffer overflow when quotemargin>255

Browse Source
This commit is contained in:
Stas Degteff 2005-09-15 19:29:51 +00:00
parent 1def986046
commit 15e481d62d
1 changed files with 14 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
golded3/getpls.cpp
View File

@ -24,6 +24,10 @@
// Template handling. // Template handling.
// ------------------------------------------------------------------ // ------------------------------------------------------------------
#if defined(__MINGW32__) || defined(_MSC_VER)
#include <malloc.h>
#endif
#if defined(_MSC_VER) && defined(_DEBUG) #if defined(_MSC_VER) && defined(_DEBUG)
/* C4786: 'identifier' : identifier was truncated to 'number' /* C4786: 'identifier' : identifier was truncated to 'number'
characters in the debug information characters in the debug information
@ -83,7 +87,12 @@ int TemplateToText(int mode, GMsg* msg, GMsg* oldmsg, const char* tpl, int origa
uint ctrlinfo; uint ctrlinfo;
char textfile[GMAXPATH]; char textfile[GMAXPATH];
char indexfile[GMAXPATH]; char indexfile[GMAXPATH];
char buf[256]; #if defined(__MINGW32__) || defined(_MSC_VER)
size_t sizeofbuf = CFG->quotemargin + 256;
char *buf = (char*)alloca(sizeofbuf);
#else
__extension__ char buf[CFG->quotemargin + 256];
#endif
char initials[10]; char initials[10];
char quotestr[100]; char quotestr[100];
char qbuf[100]; char qbuf[100];
@ -317,7 +326,11 @@ int TemplateToText(int mode, GMsg* msg, GMsg* oldmsg, const char* tpl, int origa
size_t oldmsg_size = oldmsg->txt ? strlen(oldmsg->txt) : REALLOC_CACHE_SIZE; size_t oldmsg_size = oldmsg->txt ? strlen(oldmsg->txt) : REALLOC_CACHE_SIZE;
size_t msg_txt_realloc_cache = 0; size_t msg_txt_realloc_cache = 0;
#if defined(__MINGW32__) || defined(_MSC_VER)
while(fgets(buf, sizeofbuf, fp)) {
#else
while(fgets(buf, sizeof(buf), fp)) { while(fgets(buf, sizeof(buf), fp)) {
#endif
ptr = strskip_wht(buf); ptr = strskip_wht(buf);
if(*ptr != ';') { if(*ptr != ';') {
bool chg = false; bool chg = false;