[cppcheck] Dangerous usage of strncat in file xf86AutoConfig.c
Martin Ettl
ettl.martin at gmx.de
Sat Oct 3 04:14:35 PDT 2009
Hello friends,
further analysation with the static code analysis tool cppcheck brought up another issue. The tool printed the following warning:
../xfree86/common/xf86AutoConfig.c,337,possible error,Dangerous usage of strncat. Tip: the 3rd parameter means maximum number of characters to append
Take a look into the code at line 337:
....
char path_name[256];
....
334 if (strncmp(&(direntry->d_name[len-4]), ".ids", 4) == 0) {
/* We need the full path name to open the file */
strncpy(path_name, PCI_TXT_IDS_PATH, 256);
337 strncat(path_name, "/", 1);
strncat(path_name, direntry->d_name, (256 - strlen(path_name) - 1));
....
I is possible (suppose to be the string PCI_TXT_IDS_PATH) is 256 characters long) that the array path_name is allready filled. Then (lin 337) an additional character is appended --> array index might be go out of range.
Why not first count, how many characters needed and then allocate the memory dynamically?
Here is a reference of strncat and strncpy:
http://www.cplusplus.com/reference/clibrary/cstring/strncpy/
http://www.cplusplus.com/reference/clibrary/cstring/strncat/
I recommond to try cppcheck (it is available on sourceforge) to beat such flaws down.
Best regards
Martin
--
Neu: GMX Doppel-FLAT mit Internet-Flatrate + Telefon-Flatrate
für nur 19,99 Euro/mtl.!* http://portal.gmx.net/de/go/dsl02
More information about the xorg-devel
mailing list