[PATCH 3/4] Don't crash on loading tags longer than 127 chars
Anton Lundin
glance at acc.umu.se
Wed Dec 11 12:21:51 UTC 2013
We didn't enforce a limit on tag length, but we would crash on a tag
longer than 127 chars.
This uses the xml buffer as scratch space. Don't really know if this is
fair, but it looks like it works.
Signed-off-by: Anton Lundin <glance at acc.umu.se>
---
parse-xml.c | 12 +++++-------
1 file changed, 5 insertions(+), 7 deletions(-)
diff --git a/parse-xml.c b/parse-xml.c
index 633b448..52abf89 100644
--- a/parse-xml.c
+++ b/parse-xml.c
@@ -218,7 +218,6 @@ enum ParseState {FINDSTART, FINDEND};
static void divetags(char *buffer, void *_tags)
{
struct tag_entry *tags = _tags;
- char tag[128];
int i = 0, start = 0, end = 0;
enum ParseState state = FINDEND;
i=0;
@@ -230,10 +229,9 @@ static void divetags(char *buffer, void *_tags)
/* Found end of tag */
if (i > 1) {
if(buffer[i-1] != '\\') {
- strncpy(tag, buffer+start, end-start+1);
- tag[end-start+1] = '\0';
+ buffer[end-start+1] = '\0';
state=FINDSTART;
- taglist_add_tag(tags, tag);
+ taglist_add_tag(tags, buffer+start);
}
} else {
state=FINDSTART;
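Review bot: The new terminator `buffer[end-start+1] = '\0';` uses the tag's length as an index from the start of `buffer`, but the tag begins at `buffer+start`, so for any tag with `start > 0` the NUL lands in earlier text and the string passed to `taglist_add_tag` is not cut at `end`. The index that matches the old `tag[end-start+1]` is `buffer[end+1] = '\0';`, and the same line needs the same change in the last hunk, before the final `taglist_add_tag` call. With tag length no longer limited by a local array, it is worth confirming that `taglist_add_tag` (not visible here) does not copy into a fixed-size field. divetags continues outside this hunk, so whether a NUL written at `end+1` interferes with the scan loop's termination test cannot be confirmed from here.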
@@ -256,9 +254,9 @@ static void divetags(char *buffer, void *_tags)
if (end < start)
end = strlen(buffer)-1;
if (strlen(buffer) > 0) {
- strncpy(tag, buffer+start, end-start+1);
- tag[end-start+1] = '\0';
- taglist_add_tag(tags, tag);
+ buffer[end-start+1] = '\0';
+ state=FINDSTART;
+ taglist_add_tag(tags, buffer+start);
}
}
}
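Review bot: The `strlen(buffer)` calls on the context lines `end = strlen(buffer)-1;` and `if (strlen(buffer) > 0)` now run after the earlier hunk has written NUL bytes into `buffer`, so they measure only up to the first terminator instead of the whole input. If `end` is recomputed that way for a later tag, it can fall before `start`, and `end-start+1` then becomes zero or negative when used as an index into `buffer`. Taking `size_t len = strlen(buffer);` once before the scan loop (outside this hunk) and using `len` in both places would keep the original meaning, and returning early when `len == 0` would also avoid the `strlen(buffer)-1` wrap on an empty string. The added `state=FINDSTART;` looks like a dead store if the function ends at these closing braces.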
--
1.8.3.2