cscope/cscope-15.5-fscanf-overflows.patch

209 lines
8.0 KiB
Diff
Raw Normal View History

2006-08-23 15:36:15 +00:00
--- cscope-15.5/src/display.c.orig 2006-08-23 07:08:40.000000000 -0400
+++ cscope-15.5/src/display.c 2006-08-23 10:19:41.000000000 -0400
@@ -217,7 +217,7 @@
disprefs < mdisprefs && screenline <= lastdispline;
++disprefs, ++screenline) {
/* read the reference line */
- if (fscanf(refsfound, "%s%s%s %[^\n]", file, function,
+ if (fscanf(refsfound, "%" PATHLEN_STR "s%" PATHLEN_STR "s%" NUMLEN_STR "s %" TEMPSTRING_LEN_STR "[^\n]", file, function,
linenum, tempstring) < 4) {
break;
}
--- cscope-15.5/src/input.c.orig 2006-08-23 07:08:40.000000000 -0400
+++ cscope-15.5/src/input.c 2006-08-23 10:57:01.000000000 -0400
@@ -293,16 +293,15 @@
/* if the login name is null, then use $HOME */
if (*out == '\0') {
v = getenv("HOME");
- }
- else { /* get the home directory of the login name */
+ } else { /* get the home directory of the login name */
v = logdir(out);
}
- /* copy the directory name */
- if (v != NULL) {
+ /* copy the directory name if it isn't too big */
+ if (v != NULL && strlen(v) < (lastchar - out)) {
(void) strcpy(out - 1, v);
out += strlen(v) - 1;
- }
- else { /* login not found, so ~ must be part of the file name */
+ } else {
+ /* login not found, so ~ must be part of the file name */
out += strlen(out);
}
}
@@ -322,11 +321,11 @@
*s = '\0';
/* get its value */
- if ((v = getenv(out)) != NULL) {
+ if ((v = getenv(out)) != NULL && strlen(v) < (lastchar - out)) {
(void) strcpy(out - 1, v);
out += strlen(v) - 1;
- }
- else { /* var not found, so $ must be part of the file name */
+ } else {
+ /* var not found, so $ must be part of the file name */
out += strlen(out);
}
}
--- cscope-15.5/src/edit.c.orig 2001-07-18 09:49:01.000000000 -0400
+++ cscope-15.5/src/edit.c 2006-08-23 10:16:30.000000000 -0400
@@ -60,7 +60,7 @@
seekline(i + topline);
/* get the file name and line number */
- if (fscanf(refsfound, "%s%*s%s", file, linenum) == 2) {
+ if (fscanf(refsfound, "%" PATHLEN_STR "s%*s%" NUMLEN_STR "s", file, linenum) == 2) {
edit(file, linenum); /* edit it */
}
seekline(topline); /* restore the line pointer */
@@ -83,7 +83,7 @@
seekline(1);
/* get each file name and line number */
- while (fscanf(refsfound, "%s%*s%s%*[^\n]", file, linenum) == 2) {
+ while (fscanf(refsfound, "%" PATHLEN_STR "s%*s%" NUMLEN_STR "s%*[^\n]", file, linenum) == 2) {
edit(file, linenum); /* edit it */
if (editallprompt == YES) {
addstr("Type ^D to stop editing all lines, or any other character to continue: ");
--- cscope-15.5/src/command.c.orig 2006-08-23 07:08:40.000000000 -0400
+++ cscope-15.5/src/command.c 2006-08-23 10:08:50.000000000 -0400
@@ -727,7 +727,7 @@
(void) fprintf(script, "ed - <<\\!\n");
*oldfile = '\0';
seekline(1);
- for (i = 0; fscanf(refsfound, "%s%*s%s%*[^\n]", newfile, linenum) == 2;
+ for (i = 0; fscanf(refsfound, "%" PATHLEN_STR "s%*s%" NUMLEN_STR "s%*[^\n]", newfile, linenum) == 2;
++i) {
/* see if the line is to be changed */
if (change[i] == YES) {
--- cscope-15.5/src/dir.c.orig 2003-06-02 06:43:00.000000000 -0400
+++ cscope-15.5/src/dir.c 2006-08-23 10:09:20.000000000 -0400
@@ -319,7 +319,7 @@
/* Parse whitespace-terminated strings in line: */
point_in_line = line;
- while (sscanf(point_in_line, "%s", path) == 1) {
+ while (sscanf(point_in_line, "%" PATHLEN_STR "s", path) == 1) {
/* Have to store this length --- inviewpath() will
* modify path, later! */
length_of_name = strlen(path);
--- cscope-15.5/src/main.c.orig 2006-08-23 07:08:40.000000000 -0400
+++ cscope-15.5/src/main.c 2006-08-23 11:26:48.000000000 -0400
@@ -102,10 +102,10 @@
#endif
char temp1[PATHLEN + 1]; /* temporary file name */
char temp2[PATHLEN + 1]; /* temporary file name */
-char tempdirpv[PATHLEN +1]; /* private temp directory */
+char tempdirpv[PATHLEN + 1]; /* private temp directory */
long totalterms; /* total inverted index terms */
BOOL trun_syms; /* truncate symbols to 8 characters */
-char tempstring[8192]; /* use this as a buffer, instead of 'yytext',
+char tempstring[TEMPSTRING_LEN + 1]; /* use this as a buffer, instead of 'yytext',
* which had better be left alone */
char *tmpdir; /* temporary directory */
@@ -270,6 +270,13 @@
s[11] = '\0';
}
#endif
+ if (strlen(reffile) > sizeof(path) - 1) {
+ char buffer[512];
+ sprintf(buffer,"cscope: reffile too long, cannot be > %d characters\n", sizeof(path) - 1);
+ postmsg(buffer);
+ myexit(1);
+ /* NOTREACHED */
+ }
s = path + strlen(path);
(void) strcpy(s, ".in");
invname = stralloc(path);
@@ -491,11 +498,11 @@
|| (names = vpfopen(NAMEFILE, "r")) != NULL) {
/* read any -p option from it */
- while (fscanf(names, "%s", path) == 1 && *path == '-') {
+ while (fgets(path, sizeof(path), names) != NULL && *path == '-') {
i = path[1];
s = path + 2; /* for "-Ipath" */
if (*s == '\0') { /* if "-I path" */
- (void) fscanf(names, "%s", path);
+ fgets(path, sizeof(path), names);
s = path;
}
switch (i) {
@@ -512,7 +519,7 @@
}
else {
for (i = 0; i < nsrcfiles; ++i) {
- if (fscanf(oldrefs, "%s", path) != 1) {
+ if (!fgets(path, sizeof(path), oldrefs) ) {
posterr("cscope: cannot read source file name from file %s\n", reffile);
myexit(1);
}
--- cscope-15.5/src/constants.h.orig 2006-08-23 07:08:40.000000000 -0400
+++ cscope-15.5/src/constants.h 2006-08-23 10:16:30.000000000 -0400
@@ -68,6 +68,7 @@
#define NUMLEN 5 /* line number length */
#define PATHLEN 250 /* file pathname length */
#define PATLEN 250 /* symbol pattern length */
+#define TEMPSTRING_LEN 8191 /* max strlen() of the global temp string */
#define REFFILE "cscope.out" /* cross-reference output file */
#define NAMEFILE "cscope.files" /* default list-of-files file */
#define INVNAME "cscope.in.out" /* inverted index to the database */
@@ -77,6 +78,13 @@
#define STMTMAX 10000 /* maximum source statement length */
+#define STR2(x) #x
+#define STRINGIZE(x) STR2(x)
+#define PATLEN_STR STRINGIZE(PATLEN)
+#define PATHLEN_STR STRINGIZE(PATHLEN)
+#define NUMLEN_STR STRINGIZE(NUMLEN)
+#define TEMPSTRING_LEN_STR STRINGIZE(TEMPSTRING_LEN)
+
/* screen lines */
#define FLDLINE (LINES - FIELDS - 1) /* first input field line */
#define MSGLINE 0 /* message line */
--- cscope-15.5/src/build.c.orig 2006-08-23 07:08:40.000000000 -0400
+++ cscope-15.5/src/build.c 2006-08-23 11:17:57.000000000 -0400
@@ -115,7 +115,7 @@
}
/* see if the name list is the same */
for (i = 0; i < count; ++i) {
- if (fscanf(oldrefs, "%s", oldname) != 1 ||
+ if (! fgets(oldname, sizeof(oldname), oldrefs)||
strnotequal(oldname, names[i])) {
return(NO);
}
@@ -223,8 +223,8 @@
/* if there is an old cross-reference and its current directory matches */
/* or this is an unconditional build */
if ((oldrefs = vpfopen(reffile, "rb")) != NULL && unconditional == NO &&
- fscanf(oldrefs, "cscope %d %s", &fileversion, olddir) == 2 &&
- (strcmp(olddir, currentdir) == 0 || /* remain compatible */
+ fscanf(oldrefs, "cscope %d %" PATHLEN_STR "s", &fileversion, olddir) == 2
+ && (strcmp(olddir, currentdir) == 0 || /* remain compatible */
strcmp(olddir, newdir) == 0)) {
/* get the cross-reference file's modification time */
(void) fstat(fileno(oldrefs), &statstruct);
@@ -292,7 +292,7 @@
/* see if the list of source files is the same and
none have been changed up to the included files */
for (i = 0; i < nsrcfiles; ++i) {
- if (fscanf(oldrefs, "%s", oldname) != 1 ||
+ if (! fgets(oldname, sizeof(oldname), oldrefs) ||
strnotequal(oldname, srcfiles[i]) ||
lstat(srcfiles[i], &statstruct) != 0 ||
statstruct.st_mtime > reftime) {
@@ -301,7 +301,7 @@
}
/* the old cross-reference is up-to-date */
/* so get the list of included files */
- while (i++ < oldnum && fscanf(oldrefs, "%s", oldname) == 1) {
+ while (i++ < oldnum && fgets(oldname, sizeof(oldname), oldrefs)) {
addsrcfile(oldname);
}
(void) fclose(oldrefs);