From: david Date: Mon, 25 Mar 2002 19:50:32 +0000 (+0000) Subject: Patch from Melchior Franz: X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=a8e0002a64b13788855c4545afaa061bdab463fc;p=simgear.git Patch from Melchior Franz: at several places material was copied to "buffer" using strncpy without adding a closing '\0'. This again lead to access to non initialized memory and potentially (and actually at least in one case) to feeding garbage to atof(). In case the following garbage happened to start with digits, we would get funny time values. :-) I just added the obligatory "buffer[n] = 0", which doesn't really look professional now. Maybe we should use the string class or define a helper function that strncopies =and= adds a trailing zero? The last hunk fixes another buglet, that wasn't dangerous at all, but caused an error message. The loop that should cut the string at hash marks ('#') did neither stop at such, nor at string ends. It always scanned the whole 256 character long buffer and accessed uninitialized memory. valgrind doesn't like that. I dropped the 256 counter, because fgets =does= add the closing zero. It is safe to scan until we either get the zero or the hash mark.
---
diff --git a/simgear/timing/timezone.cxx b/simgear/timing/timezone.cxx
index f0d91404..29ef5df0 100644
--- a/simgear/timing/timezone.cxx
+++ b/simgear/timing/timezone.cxx
@@ -62,13 +62,16 @@ Timezone::Timezone(const char *infoString) :
 char sign;
 sign = latlon[0];
 strncpy(buffer, &latlon[1], 2);
+ buffer[2] = 0;
 lat = atof(buffer);
 strncpy(buffer, &latlon[3], 2);
+ buffer[2] = 0;
 lat += (atof(buffer) / 60);
 int nextPos;
 if (strlen(latlon) > 12) {
 nextPos = 7;
 strncpy(buffer, &latlon[5], 2);
+ buffer[2] = 0;
 lat += (atof(buffer) / 3600.0);
 } else {
 nextPos = 5;
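Review bot: The fixed-offset reads `&latlon[1]`, `&latlon[3]` and `&latlon[5]` run before any minimum-length check; the only test in the hunk, `strlen(latlon) > 12`, selects the seconds branch and does not reject short input. If `latlon` can be shorter than the field being read, `strncpy` starts past its terminator, and the same holds for the `&latlon[nextPos]` reads in the longitude hunks at -80 and -89. A guard ahead of the first copy, for example `if (strlen(latlon) < 11) { /* reject the record */ }` (11 being the short-form length the offsets in these hunks imply), would cover all of them. `latlon` and `buffer` are declared outside the hunk, so their size and origin are assumed here. `atof` also yields 0 for non-numeric text, so a malformed field silently becomes a valid-looking coordinate.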
@@ -80,6 +83,7 @@ Timezone::Timezone(const char *infoString) :
 sign = latlon[nextPos];
 nextPos++;
 strncpy(buffer, &latlon[nextPos], 3);
+ buffer[3] = 0;
 lon = atof(buffer);
 nextPos += 3;
 strncpy(buffer, &latlon[nextPos], 2);
@@ -89,6 +93,7 @@ Timezone::Timezone(const char *infoString) :
 if (strlen(latlon) > 12) {
 nextPos += 2;
 strncpy(buffer, &latlon[nextPos], 2);
+ buffer[2] = 0;
 lon += (atof (buffer) / 3600.00);
 }
 if (sign == '-') {
@@ -136,10 +141,11 @@ TimezoneContainer::TimezoneContainer(const char *filename)
 if( buffer[0] == '#' )
 continue;
 #else
- for (int i = 0; i < 256; i++) {
- if (buffer[i] == '#') {
- buffer[i] = 0;
- }
+ for (char *p = buffer; *p; p++) {
+ if (*p == '#') {
+ *p = 0;
+ break;
+ }
 }
 #endif
 if (buffer[0]) {
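Review bot: The last copy in the -80 hunk, `strncpy(buffer, &latlon[nextPos], 2);`, gets no terminator within the hunk, and after the new `buffer[3] = 0;` the buffer still holds the third degree digit at index 2. Unless the line that follows (outside the hunk, before the one at -89) already writes `buffer[2] = 0;`, the minutes would be parsed from three characters instead of two. The new `buffer[3] = 0;` also relies on `buffer` being at least four bytes, which only its declaration outside the hunk can confirm.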
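Review bot: The new scan `for (char *p = buffer; *p; p++)` in the -136 hunk is bounded only by the terminator that `fgets` writes, and `fgets` writes one only when it returns non-NULL. The call sits outside the hunk, so whether its result is checked is not visible; if it is not, a read error or EOF leaves `buffer` stale or uninitialised and the loop has no upper bound now that the 256 limit is gone. Checking the result at the call site closes that, e.g. `if (fgets(buffer, 256, <stream>) == NULL) break;` with `<stream>` standing for the file handle used there. The loop itself could then shrink to `if (char *h = strchr(buffer, '#')) *h = 0;`.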