Le 06/02/2020 à 18:16, Pavel Sanda a écrit :
On Thu, Feb 06, 2020 at 06:01:26PM +0100, Enrico Forestieri wrote:
On Thu, Feb 06, 2020 at 05:46:57PM +0100, Pavel Sanda wrote:
On Thu, Feb 06, 2020 at 04:02:34PM +0100, Enrico Forestieri wrote:
On Thu, Feb 06, 2020 at 12:59:53PM +0100, Pavel Sanda wrote:
I looked at the code and the buffer length seems properly handled in the
reported
line (247) by the previous if clause.
What is not clear to me are two following lines, which add m+1 chars while the
check seem to properly handle only m chars and leaving no place for the final'
\0'.
Anyone else can confirm?
I think the code is correct. It copies m+1 chars in order to be sure that
the final '\0' is also copied. The fact that there is space for it is
assured by the initial check that k+m+1 < MAX_WD_LEN.
I checked the code again and you are right.
Misread < (by <=) in the initial condition.
On second thought, I instead think you are right. The code also adds
a blank after the first strncpy(dfn,pos,k), and that makes a total
of k+m+2 chars when accounting also for the final '\0'.
This is what I initially thought, but no k+m+2 is still ok because we
check against < MAX_WD_LEN-1 not <= MAX_WD_LEN-1.
I patched and recompiled, same warning as expected from the last posts.
--
Jean-Pierre
--
lyx-devel mailing list
lyx-devel@lists.lyx.org
http://lists.lyx.org/mailman/listinfo/lyx-devel
