> zStr::getCompressedText calls
> strcpy(*buf, cacheBlock->getEntry(entry));
My fix for this would be (without digging deep into the sources) in line 438
of zstr.cpp:
strncpy(*buf, cacheBlock->getEntry(entry), size);
strcpy expects a \0-terminated string. If the deciphering with the wrong key
creates a char* without a proper \0 this would result in an address out of
bounds. So the fix is to make sure we just copy the number of bytes which are
available in the cacheBlock.
I did not yet think whether a \0 has to explicitely be set at the end of *buf.
Does this make sense?
Does somebody have the setup to test this?
Thanks,
Joachim
--
<>< Re: deemed
www.bibletime.info
_______________________________________________
sword-devel mailing list: [email protected]
http://www.crosswire.org/mailman/listinfo/sword-devel
Instructions to unsubscribe/change your settings at above page
