The first version of the patch has an off-by-one error in it. Here's a fixed patch.
Scott K
Patch from Rebecca Palmer https://bugs.launchpad.net/ubuntu/+source/flightgear/+bug/1077624/comments/75
diff -up simgear-2.10.0/simgear/io/sg_socket_udp.cxx simgear-2.10.0/simgear/io/sg_socket_udp_fixed.cxx
--- simgear-2.10.0/simgear/io/sg_socket_udp.cxx 2012-01-04 20:12:22.000000000 +0000
+++ simgear-2.10.0/simgear/io/sg_socket_udp_fixed.cxx 2013-09-07 22:16:06.087012423 +0100
@@ -103,9 +103,13 @@ int SGSocketUDP::read( char *buf, int le
 return 0;
 }
+ if (length <= 0) {
+ return 0;
+ }
 int result;
+ int maxsize = (length - 1) < SG_IO_MAX_MSG_SIZE ? (length - 1) : SG_IO_MAX_MSG_SIZE;
- if ( (result = sock.recv(buf, SG_IO_MAX_MSG_SIZE, 0)) >= 0 ) {
+ if ( (result = sock.recv(buf, maxsize, 0)) >= 0 ) {
 buf[result] = '\0';
 // printf("msg received = %s\n", buf);
 }
@@ -120,10 +124,14 @@ int SGSocketUDP::readline( char *buf, in
 return 0;
 }
+ if (length <= 0) {
+ return 0;
+ }
 // cout << "sock = " << sock << endl;
 char *buf_ptr = save_buf + save_len;
- int result = sock.recv(buf_ptr, SG_IO_MAX_MSG_SIZE, 0);
+ int maxsize = save_len < SG_IO_MAX_MSG_SIZE ? SG_IO_MAX_MSG_SIZE : 2 * SG_IO_MAX_MSG_SIZE - save_len; //prevent buffer overflow (size of save_buf is 2 * SG_IO_MAX_MSG_SIZE)
+ int result = sock.recv(buf_ptr, maxsize, 0);
 // printf("msg received = %s\n", buf);
 save_len += result;
@@ -142,6 +150,7 @@ int SGSocketUDP::readline( char *buf, in
 // we found an end of line
 // copy to external buffer
+ result = result < (length - 1) ? result : (length - 1); //prevent buffer overflow
 strncpy( buf, save_buf, result );
 buf[result] = '\0';
 // cout << "sg_socket line = " << buf << endl;
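Review bot: The clamp to `length - 1` in read() means a datagram larger than the caller's buffer is cut short, and the return value alone does not tell the caller that this happened. Assuming `sock.recv` wraps recv() on a datagram socket, the remainder is discarded rather than left for the next call. A comment above `maxsize` would make this visible, e.g. `// datagrams longer than length - 1 bytes are truncated; the excess is dropped`. read() begins and ends outside the hunk.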
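Review bot: In readline(), `save_len += result;` still adds the return value of `sock.recv` without checking it, so a failed receive would decrease `save_len` (read() in the same file treats only `>= 0` as success, which suggests negative returns are possible). After that, `buf_ptr = save_buf + save_len` can point before the buffer, and the new `maxsize` bound no longer holds because it assumes 0 <= save_len <= 2 * SG_IO_MAX_MSG_SIZE. I would guard the update with `if (result > 0) save_len += result;` and return early when the result is negative. The function body continues outside the hunk.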
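Review bot: The clamp overwrites `result`, which up to this point appears to hold the length of the line found in `save_buf`. If the code after the hunk uses `result` to remove the consumed line from `save_buf` (not visible here), only the truncated prefix is removed and the rest of the line comes back as a separate "line" on the next call. A separate variable keeps the two meanings apart: `int copy_len = result < (length - 1) ? result : (length - 1);`, then `strncpy( buf, save_buf, copy_len );` and `buf[copy_len] = '\0';`. Whichever behaviour is intended for over-long lines, a comment should state it.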