This should eliminate three of the "low" Coverity defects where strcat or
strcpy can overflow the destination buffer if left as is.
From dbb86a6ed3c694944b91f3230983c1106e142bd8 Mon Sep 17 00:00:00 2001
From: Mark Roszko <[email protected]>
Date: Sun, 9 Aug 2015 18:00:20 -0400
Subject: [PATCH 1/1] Fixed strcat/cpy safety issues
---
common/fpid.cpp | 2 +-
gerbview/rs274x.cpp | 5 ++++-
pcbnew/legacy_netlist_reader.cpp | 3 ++-
3 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/common/fpid.cpp b/common/fpid.cpp
index 025b7b5..1ed0f99 100644
--- a/common/fpid.cpp
+++ b/common/fpid.cpp
@@ -97,7 +97,7 @@ static int okRevision( const std::string& aField )
if( aField.size() >= 4 )
{
strcpy( rev, "x/" );
- strcat( rev, aField.c_str() );
+ strncat( rev, aField.c_str(), sizeof(rev)-strlen(rev)-1 );
if( EndsWithRev( rev, rev + strlen(rev), '/' ) == rev+2 )
return -1; // success
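Review bot: The bounded `strncat` stops the overflow but silently truncates an over-long `aField`, so `EndsWithRev` then judges a string that is not the one the caller passed. Rejecting the input up front keeps the validation honest, e.g. `if( aField.size() >= 4 && aField.size() + 3 <= sizeof(rev) )`, where the 3 covers the "x/" prefix and the terminator. The same silent truncation applies to the `strncpy` calls in gerbview/rs274x.cpp and pcbnew/legacy_netlist_reader.cpp, where a cut-off include name or netlist line is then parsed as if it were complete. The declaration of `rev` and the function's fall-through return are outside this hunk, so the exact failure value should be checked against them.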
diff --git a/gerbview/rs274x.cpp b/gerbview/rs274x.cpp
index d30ee3a..b8eb6c7 100644
--- a/gerbview/rs274x.cpp
+++ b/gerbview/rs274x.cpp
@@ -597,7 +597,10 @@ bool GERBER_IMAGE::ExecuteRS274XCommand( int command,
ReportMessage( _( "Too many include files!!" ) );
break;
}
- strcpy( line, text );
+
+ strncpy( line, text, sizeof(line)-1 );
+ line[sizeof(line)-1] = '\0';
+
strtok( line, "*%%\n\r" );
m_FilesList[m_FilesPtr] = m_Current_File;
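Review bot: `sizeof(line)` only gives the buffer capacity if `line` is an array declared in this scope, and its declaration is not visible in this hunk. If it were a pointer or a parameter, the bound would be the pointer size and the copy would truncate to a few bytes. The same applies to `sizeof(rev)` in common/fpid.cpp. Please confirm both are local arrays, and consider a short comment at the copy such as `// line is a local char array; sizeof is its full capacity`. ExecuteRS274XCommand starts and ends outside the hunk.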
diff --git a/pcbnew/legacy_netlist_reader.cpp b/pcbnew/legacy_netlist_reader.cpp
index 4c769d2..a559c7b 100644
--- a/pcbnew/legacy_netlist_reader.cpp
+++ b/pcbnew/legacy_netlist_reader.cpp
@@ -108,7 +108,8 @@ COMPONENT* LEGACY_NETLIST_READER::loadComponent( char* aText )
wxString name; // the name of component that was placed in the schematic
char line[1024];
- strcpy( line, aText );
+ strncpy( line, aText, sizeof(line)-1 );
+ line[sizeof(line)-1] = '\0';
value = wxT( "~" );
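Review bot: The copy-then-terminate pair `strncpy( line, aText, sizeof(line)-1 ); line[sizeof(line)-1] = '\0';` is now written out by hand here and in gerbview/rs274x.cpp, and it is only safe while both lines stay together. A comment on the second line, e.g. `// strncpy does not terminate on truncation`, would stop a later edit from dropping it. Also note that `strncpy` zero-fills the rest of the 1024-byte buffer on every call. That is harmless, but it is extra work per component if loadComponent runs once per netlist entry, which the name suggests but the hunk does not show. The body of loadComponent continues outside the hunk.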
--
1.9.1