Patch from Melchior Franz:

at several places material was copied to "buffer" using strncpy without adding a closing '\0'. This again lead to access to non initialized memory and potentially (and actually at least in one case) to feeding garbage to atof(). In case the following garbage happened to start with digits, we would get funny time values. :-) I just added the obligatory "buffer[n] = 0", which doesn't really look professional now. Maybe we should use the string class or define a helper function that strncopies =and= adds a trailing zero? The last hunk fixes another buglet, that wasn't dangerous at all, but caused an error message. The loop that should cut the string at hash marks ('#') did neither stop at such, nor at string ends. It always scanned the whole 256 character long buffer and accessed uninitialized memory. valgrind doesn't like that. I dropped the 256 counter, because fgets =does= add the closing zero. It is safe to scan until we either get the zero or the hash mark.
2002-03-25 19:50:32 +00:00 · 2002-03-25 19:50:32 +00:00 · a8e0002a64
commit a8e0002a64
parent bf75cf7225
1 changed files with 10 additions and 4 deletions
--- a/simgear/timing/timezone.cxx
+++ b/simgear/timing/timezone.cxx
@ -62,13 +62,16 @@ Timezone::Timezone(const char *infoString) :
    char sign;
    sign = latlon[0];
    strncpy(buffer, &latlon[1], 2);
+    buffer[2] = 0;
    lat = atof(buffer);
    strncpy(buffer, &latlon[3], 2);
+    buffer[2] = 0;
    lat += (atof(buffer) / 60);
    int nextPos;
    if (strlen(latlon) > 12) {
        nextPos = 7;
        strncpy(buffer, &latlon[5], 2);
+        buffer[2] = 0;
        lat += (atof(buffer) / 3600.0);
    } else {
        nextPos = 5;
@ -80,6 +83,7 @@ Timezone::Timezone(const char *infoString) :
    sign = latlon[nextPos];
    nextPos++;
    strncpy(buffer, &latlon[nextPos], 3);
+    buffer[3] = 0;
    lon = atof(buffer);
    nextPos += 3;
    strncpy(buffer, &latlon[nextPos], 2);
@ -89,6 +93,7 @@ Timezone::Timezone(const char *infoString) :
    if (strlen(latlon) > 12) {
        nextPos += 2;
        strncpy(buffer, &latlon[nextPos], 2); 
+        buffer[2] = 0;
        lon +=  (atof (buffer) / 3600.00);
    }
    if (sign == '-') {
@ -136,10 +141,11 @@ TimezoneContainer::TimezoneContainer(const char *filename)
            if( buffer[0] == '#' )
               continue;
 #else
-            for (int i = 0; i < 256; i++) {
-                if (buffer[i] == '#') {
-                    buffer[i] = 0;
-                }
+            for (char *p = buffer; *p; p++) {
+                if (*p == '#') {
+                    *p = 0;
+                    break;
+                }    
            }
 #endif
            if (buffer[0]) {