[cppcheck] Dangerous usage of strncat in file xf86AutoConfig.c

Martin Ettl ettl.martin at gmx.de
Sat Oct 3 04:14:35 PDT 2009


Hello friends,

further analysation with the static code analysis tool cppcheck brought up another issue. The tool printed the following warning:

../xfree86/common/xf86AutoConfig.c,337,possible error,Dangerous usage of strncat. Tip: the 3rd parameter means maximum number of characters to append

Take a look into the code at line 337:
....
char path_name[256];
....
334        if (strncmp(&(direntry->d_name[len-4]), ".ids", 4) == 0) {
            /* We need the full path name to open the file */
            strncpy(path_name, PCI_TXT_IDS_PATH, 256);
337         strncat(path_name, "/", 1);
            strncat(path_name, direntry->d_name, (256 - strlen(path_name) - 1));
....

I is possible (suppose to be the string PCI_TXT_IDS_PATH) is 256 characters long) that the array path_name is allready filled. Then (lin 337) an additional character is appended --> array index might be go out of range.

Why not first count, how many characters needed and then allocate the memory dynamically?

Here is a reference of strncat and strncpy:
 
http://www.cplusplus.com/reference/clibrary/cstring/strncpy/
http://www.cplusplus.com/reference/clibrary/cstring/strncat/


I recommond to try cppcheck (it is available on sourceforge) to beat such flaws down.

Best regards

Martin



-- 
Neu: GMX Doppel-FLAT mit Internet-Flatrate + Telefon-Flatrate
für nur 19,99 Euro/mtl.!* http://portal.gmx.net/de/go/dsl02


More information about the xorg-devel mailing list