On 19 Aug 2008, at 15:10, Aymeric Barthe wrote:


On 19 Aug 2008, at 14:41, Aymeric Barthe wrote:

#ifdef WIN32
if(filename[1] == ':' && filename[2] != '\\') // Memory overrun here!
  len+=3; /* relative filename - add / and ./ */
else if(*filename == '\\')
  len-=2; /* two // from not needed in filename */
else
  len++; /* / at start of path */
#else

I guess calling strlen() would do the trick, but I am not sure it would be so efficient:
if( (strlen(filename) >= 3) && filename[1] == ':' && filename[2] != '\\')

it could be

 if (filename[0] && filename[1] == ':' && filename[2] != '\\')

- Steve



Right, it would solve this particular case, but I am not sure if dummy
strings like "a" could end up being passed to this function. If that is
the case we still have an overrun.

So maybe something like this would be more secure:

if (filename[0] && filename[1] && filename[2] && filename[1] == ':' && filename[2] != '\\')

That's no different: if filename[1] == ':' is true, then filename[1] will be true also.

Conjunctive expressions in C evaluate left to right and shortcut.

- Steve
_______________________________________________
redland-dev mailing list
http://lists.librdf.org/mailman/listinfo/redland-dev
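
An added example, not part of the original thread or of the Redland source: it instruments the two drive-letter tests discussed above and reports, for each input, whether the test reads beyond the string's NUL terminator. The helper names (`rd`, `unguarded`, `guarded`, `reads_past_nul`) and the sample strings are constructed for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Highest index read by the most recent check (instrumentation only). */
static size_t max_idx;

/* Read f[i] and record the highest index touched. */
static char rd(const char *f, size_t i) {
  if (i > max_idx) max_idx = i;
  return f[i];
}

/* Test as in the quoted snippet: filename[1] is read unconditionally. */
static int unguarded(const char *f) {
  return rd(f, 1) == ':' && rd(f, 2) != '\\';
}

/* Test with the leading filename[0] check proposed in the thread. */
static int guarded(const char *f) {
  return rd(f, 0) && rd(f, 1) == ':' && rd(f, 2) != '\\';
}

/* Returns 1 if check() read beyond the NUL terminator of s. The string is
 * copied into a zero-padded buffer so the demo itself stays in bounds. */
static int reads_past_nul(int (*check)(const char *), const char *s) {
  char buf[16] = {0};
  strncpy(buf, s, sizeof(buf) - 4);
  max_idx = 0;
  (void)check(buf);
  return max_idx > strlen(s);
}

int main(void) {
  /* Constructed sample inputs. */
  const char *samples[] = {"", "a", "c:", "c:foo", "c:\\foo", "\\foo"};
  for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
    printf("%-8s unguarded overrun=%d guarded overrun=%d relative=%d\n",
           samples[i][0] ? samples[i] : "\"\"",
           reads_past_nul(unguarded, samples[i]),
           reads_past_nul(guarded, samples[i]), guarded(samples[i]));
  return 0;
}
```

Only the empty string makes the unguarded test read past the terminator; for "a" both tests stop at the NUL in filename[1] because `&&` short-circuits.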