From: david <david>
Date: Mon, 25 Mar 2002 19:50:32 +0000 (+0000)
Subject: Patch from Melchior Franz:
X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=a8e0002a64b13788855c4545afaa061bdab463fc;p=simgear.git

Patch from Melchior Franz:

at several places material was copied to "buffer" using strncpy
without adding a closing '\0'. This again lead to access to non
initialized memory and potentially (and actually at least in one
case) to feeding garbage to atof(). In case the following garbage
happened to start with digits, we would get funny time
values.  :-)
   I just added the obligatory "buffer[n] = 0", which doesn't
really look professional now. Maybe we should use the string
class or define a helper function that strncopies =and= adds
a trailing zero?
   The last hunk fixes another buglet, that wasn't dangerous
at all, but caused an error message. The loop that should cut
the string at hash marks ('#') did neither stop at such, nor at
string ends. It always scanned the whole 256 character long
buffer and accessed uninitialized memory. valgrind doesn't
like that. I dropped the 256 counter, because fgets =does=
add the closing zero. It is safe to scan until we either
get the zero or the hash mark.
---

diff --git a/simgear/timing/timezone.cxx b/simgear/timing/timezone.cxx
index f0d91404..29ef5df0 100644
--- a/simgear/timing/timezone.cxx
+++ b/simgear/timing/timezone.cxx
@@ -62,13 +62,16 @@ Timezone::Timezone(const char *infoString) :
     char sign;
     sign = latlon[0];
     strncpy(buffer, &latlon[1], 2);
+    buffer[2] = 0;
     lat = atof(buffer);
     strncpy(buffer, &latlon[3], 2);
+    buffer[2] = 0;
     lat += (atof(buffer) / 60);
     int nextPos;
     if (strlen(latlon) > 12) {
         nextPos = 7;
         strncpy(buffer, &latlon[5], 2);
+        buffer[2] = 0;
         lat += (atof(buffer) / 3600.0);
     } else {
         nextPos = 5;
@@ -80,6 +83,7 @@ Timezone::Timezone(const char *infoString) :
     sign = latlon[nextPos];
     nextPos++;
     strncpy(buffer, &latlon[nextPos], 3);
+    buffer[3] = 0;
     lon = atof(buffer);
     nextPos += 3;
     strncpy(buffer, &latlon[nextPos], 2);
@@ -89,6 +93,7 @@ Timezone::Timezone(const char *infoString) :
     if (strlen(latlon) > 12) {
         nextPos += 2;
         strncpy(buffer, &latlon[nextPos], 2); 
+        buffer[2] = 0;
         lon +=  (atof (buffer) / 3600.00);
     }
     if (sign == '-') {
@@ -136,10 +141,11 @@ TimezoneContainer::TimezoneContainer(const char *filename)
             if( buffer[0] == '#' )
                continue;
 #else
-            for (int i = 0; i < 256; i++) {
-                if (buffer[i] == '#') {
-                    buffer[i] = 0;
-                }
+            for (char *p = buffer; *p; p++) {
+                if (*p == '#') {
+                    *p = 0;
+                    break;
+                }    
             }
 #endif
             if (buffer[0]) {