cscope/cscope-15.5-putstring-overflow.patch
2006-06-23 20:08:00 +00:00



--- cscope-15.5/src/find.c.stack 2006-06-23 16:00:34.000000000 -0400
+++ cscope-15.5/src/find.c 2006-06-23 16:00:47.000000000 -0400
@@ -184,7 +184,7 @@ find_symbol_or_assignment(char *pattern,
(void) scanpast('\t'); /* find the end of the header */
skiprefchar(); /* skip the file marker */
- putstring(file); /* save the file name */
+ putstring(file, PATHLEN); /* save the file name */
(void) strcpy(function, global);/* set the dummy global function name */
(void) strcpy(macro, global);/* set the dummy global macro name */
@@ -216,7 +216,7 @@ find_symbol_or_assignment(char *pattern,
/* save the name */
skiprefchar();
- putstring(file);
+ putstring(file, PATHLEN);
/* check for the end of the symbols */
if (*file == '\0') {
@@ -255,7 +255,7 @@ find_symbol_or_assignment(char *pattern,
}
/* save the name */
skiprefchar();
- putstring(s);
+ putstring(s, PATHLEN);
/* see if this is a regular expression pattern */
if (isregexp_valid == YES) {
@@ -293,7 +293,7 @@ find_symbol_or_assignment(char *pattern,
if (isalpha((unsigned char)firstchar) || firstchar == '_') {
blockp = cp;
- putstring(symbol);
+ putstring(symbol, PATHLEN);
if (caseless == YES) {
s = lcasify(symbol); /* point to lower case version */
}
@@ -382,7 +382,7 @@ finddef(char *pattern)
case NEWFILE:
skiprefchar(); /* save file name */
- putstring(file);
+ putstring(file, PATHLEN);
if (*file == '\0') { /* if end of symbols */
return NULL;
}
@@ -412,21 +412,36 @@ finddef(char *pattern)
}
/* find all function definitions (used by samuel only) */
+static void blow_up(int line)
+{
+ fprintf(stderr,"STACK CORRUPTION AT %d\n",line);
+ abort();
+}
+
+#define CHECK_STACK() do { if(test != (unsigned int)&test) {\
+blow_up(__LINE__);\
+}} while(0)
+
char *
findallfcns(char *dummy)
{
+ volatile unsigned int test = 0;
char file[PATHLEN + 1]; /* source file name */
char function[PATLEN + 1]; /* function name */
-
+ char oldblockp;
(void) dummy; /* unused argument */
/* find the next file name or definition */
+ test = (unsigned int)&test;
while (scanpast('\t') != NULL) {
+ CHECK_STACK();
+ oldblockp=*blockp;
switch (*blockp) {
case NEWFILE:
skiprefchar(); /* save file name */
- putstring(file);
+ putstring(file, PATHLEN);
+ CHECK_STACK();
if (*file == '\0') { /* if end of symbols */
return NULL;
}
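Review bot: The CHECK_STACK canary introduced around the findallfcns loop is debugging scaffolding rather than part of the fix: `test = (unsigned int)&test` truncates the pointer on 64-bit targets, the macro silently relies on a local named `test` existing in whatever function expands it, and `blow_up` aborts the whole process on a mismatch. With putstring now bounded, the canary, `blow_up`, `test` and the write-only `oldblockp` (assigned at `oldblockp=*blockp;` and not read anywhere in this hunk; findallfcns continues past it) should be dropped before the patch ships, or at minimum the cast should go through `uintptr_t` so the comparison is not lossy. If the check is meant to stay, it needs a comment saying why, e.g. `/* debug: detect putstring overrunning file[]/function[]; remove once the bound is trusted */`.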
@@ -440,8 +455,7 @@ findallfcns(char *dummy)
case FCNDEF:
case CLASSDEF:
skiprefchar(); /* save function name */
- putstring(function);
-
+ putstring(function, PATHLEN);
/* output the file, function and source line */
putref(0, file, function);
break;
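Review bot: `putstring(function, PATHLEN);` passes the path-name bound for a buffer declared as `char function[PATLEN + 1];` in the preceding hunk of findallfcns, so the copy is only safe if PATLEN and PATHLEN happen to be equal; the bound should be derived from the destination, `putstring(function, PATLEN);`. The same pattern appears at the symbol, macro, function and string calls in find_symbol_or_assignment, findcalling, match and putpostingref, and at the symbol calls in build.c's copydata and copyinverted, whose buffer declarations are outside these hunks and should be checked the same way. Where the argument is an actual local array, a call-site helper such as `#define PUTSTRING(buf) putstring((buf), (int)sizeof(buf) - 1)` would remove the possibility of such a mismatch.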
@@ -483,7 +497,7 @@ findcalling(char *pattern)
case NEWFILE: /* save file name */
skiprefchar();
- putstring(file);
+ putstring(file, PATHLEN);
if (*file == '\0') { /* if end of symbols */
return NULL;
}
@@ -494,7 +508,7 @@ findcalling(char *pattern)
case DEFINE: /* could be a macro */
if (fileversion >= 10) {
skiprefchar();
- putstring(macro);
+ putstring(macro, PATHLEN);
}
break;
@@ -504,7 +518,7 @@ findcalling(char *pattern)
case FCNDEF: /* save calling function name */
skiprefchar();
- putstring(function);
+ putstring(function, PATHLEN);
for (i = 0; i < morefuns; i++)
if ( !strcmp(tmpfunc[i], function) )
break;
@@ -639,7 +653,7 @@ findinclude(char *pattern)
case NEWFILE: /* save file name */
skiprefchar();
- putstring(file);
+ putstring(file, PATHLEN);
if (*file == '\0') { /* if end of symbols */
return NULL;
}
@@ -790,7 +804,7 @@ match(void)
/* see if this is a regular expression pattern */
if (isregexp_valid == YES) {
- putstring(string);
+ putstring(string, PATHLEN);
if (*string == '\0') {
return(NO);
}
@@ -940,26 +954,29 @@ putline(FILE *output)
/* put the rest of the cross-reference line into the string */
void
-putstring(char *s)
+putstring(char *s, int length)
{
char *cp;
unsigned c;
-
+ int i=0;
setmark('\n');
cp = blockp;
do {
- while ((c = (unsigned)(*cp)) != '\n') {
+ while (((c = (unsigned)(*cp)) != '\n') && (i<length)) {
if (c > '\177') {
c &= 0177;
*s++ = dichar1[c / 8];
*s++ = dichar2[c & 7];
+ i+=2;
}
else {
*s++ = c;
+ i++;
}
++cp;
}
- } while (*(cp + 1) == '\0' && (cp = readblock()) != NULL);
+ } while (((*(cp + 1) == '\0' && (cp = readblock()) != NULL)) &&
+ (i < length));
blockp = cp;
*s = '\0';
}
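Review bot: The bound in the rewritten putstring still allows a one-byte overrun: the inner loop admits a character whenever `i < length`, but the dichar branch then stores two bytes, so with `i == length - 1` it writes s[length - 1] and s[length], leaves `i == length + 1`, and the final `*s = '\0'` lands at s[length + 1], one past a buffer of `length + 1` bytes such as `file[PATHLEN + 1]`. Guarding the two-byte case before the stores, `if (i + 2 > length) { i = length; break; }`, keeps the terminator inside the buffer and exits both loops the same way the existing truncation path does. The contract should also be written on the definition, e.g. `/* copy at most length bytes plus a terminating NUL into s; s must have room for length + 1 bytes; output is silently truncated */`, since callers cannot distinguish a truncated result from a complete one.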
@@ -1059,7 +1076,7 @@ findcalledby(char *pattern)
case NEWFILE:
skiprefchar(); /* save file name */
- putstring(file);
+ putstring(file, PATHLEN);
if (*file == '\0') { /* if end of symbols */
return(&found_caller);
}
@@ -1194,7 +1211,7 @@ putpostingref(POSTING *p, char *pat)
if (p->type == FCNDEF) { /* need to find the function name */
if (dbseek(p->lineoffset) != -1) {
scanpast(FCNDEF);
- putstring(function);
+ putstring(function, PATHLEN);
}
}
else if (p->type != FCNCALL) {
@@ -1203,7 +1220,7 @@ putpostingref(POSTING *p, char *pat)
}
else if (p->fcnoffset != lastfcnoffset) {
if (dbseek(p->fcnoffset) != -1) {
- putstring(function);
+ putstring(function, PATHLEN);
lastfcnoffset = p->fcnoffset;
}
}
--- cscope-15.5/src/global.h.stack 2006-06-23 16:01:31.000000000 -0400
+++ cscope-15.5/src/global.h 2006-06-23 16:02:55.000000000 -0400
@@ -370,7 +370,7 @@ void postmsg(char *msg);
void postmsg2(char *msg);
void posterr(char *msg,...);
void putposting(char *term, int type);
-void putstring(char *s);
+void putstring(char *s, int length);
void resetcmd(void);
void seekline(int line);
void setfield(void);
--- cscope-15.5/src/build.c.stack 2003-03-05 05:43:59.000000000 -0500
+++ cscope-15.5/src/build.c 2006-06-23 16:00:47.000000000 -0400
@@ -82,7 +82,7 @@ static void copyinverted(void);
static char *getoldfile(void);
static void movefile(char *new, char *old);
static void putheader(char *dir);
-static void putinclude(char *s);
+static void putinclude(char *s, int len);
static void putlist(char **names, int count);
static BOOL samelist(FILE *oldrefs, char **names, int count);
@@ -512,7 +512,7 @@ getoldfile(void)
do {
if (*blockp == NEWFILE) {
skiprefchar();
- putstring(file);
+ putstring(file, PATHLEN);
if (file[0] != '\0') { /* if not end-of-crossref */
return(file);
}
@@ -614,7 +614,7 @@ copydata(void)
/* look for an #included file */
if (*cp == INCLUDE) {
blockp = cp;
- putinclude(symbol);
+ putinclude(symbol, PATHLEN);
writestring(symbol);
setmark('\t');
cp = blockp;
@@ -666,12 +666,12 @@ copyinverted(void)
case NEWFILE: /* file name */
return;
case INCLUDE: /* #included file */
- putinclude(symbol);
+ putinclude(symbol, PATHLEN);
goto output;
}
dbputc(type);
skiprefchar();
- putstring(symbol);
+ putstring(symbol, PATHLEN);
goto output;
}
c = *cp;
@@ -681,7 +681,7 @@ copyinverted(void)
/* if this is a symbol */
if (isalpha((unsigned char)c) || c == '_') {
blockp = cp;
- putstring(symbol);
+ putstring(symbol, PATHLEN);
type = ' ';
output:
putposting(symbol, type);
@@ -712,11 +712,11 @@ movefile(char *new, char *old)
/* process the #included file in the old database */
static void
-putinclude(char *s)
+putinclude(char *s, int len)
{
dbputc(INCLUDE);
skiprefchar();
- putstring(s);
+ putstring(s, len);
incfile(s + 1, s);
}