ereg.c

Rasmus Lerdorf Sat, 06 Aug 2011 17:18:58 -0700

rasmus                                   Sun, 07 Aug 2011 00:18:38 +0000

Revision: http://svn.php.net/viewvc?view=revision&revision=314388


Log:
These naked strcpy()s scare me

Changed paths:
    U   php/php-src/branches/PHP_5_3/ext/ereg/ereg.c
    U   php/php-src/branches/PHP_5_4/ext/ereg/ereg.c
    U   php/php-src/trunk/ext/ereg/ereg.c

Modified: php/php-src/branches/PHP_5_3/ext/ereg/ereg.c
===================================================================
--- php/php-src/branches/PHP_5_3/ext/ereg/ereg.c        2011-08-07 00:01:17 UTC 
(rev 314387)
+++ php/php-src/branches/PHP_5_3/ext/ereg/ereg.c        2011-08-07 00:18:38 UTC 
(rev 314388)
@@ -474,7 +474,7 @@
                        if (new_l + 1 > buf_len) {
                                buf_len = 1 + buf_len + 2 * new_l;
                                nbuf = emalloc(buf_len);
-                               strcpy(nbuf, buf);
+                               strcpy(nbuf, buf, buf_len-1);
                                efree(buf);
                                buf = nbuf;
                        }
@@ -511,7 +511,7 @@
                                if (new_l + 1 > buf_len) {
                                        buf_len = 1 + buf_len + 2 * new_l;
                                        nbuf = safe_emalloc(buf_len, 
sizeof(char), 0);
-                                       strcpy(nbuf, buf);
+                                       strcpy(nbuf, buf, buf_len-1);
                                        efree(buf);
                                        buf = nbuf;
                                }
@@ -526,7 +526,7 @@
                        if (new_l + 1 > buf_len) {
                                buf_len = new_l + 1; /* now we know exactly how 
long it is */
                                nbuf = safe_emalloc(buf_len, sizeof(char), 0);
-                               strcpy(nbuf, buf);
+                               strcpy(nbuf, buf, buf_len-1);
                                efree(buf);
                                buf = nbuf;
                        }

Modified: php/php-src/branches/PHP_5_4/ext/ereg/ereg.c
===================================================================
--- php/php-src/branches/PHP_5_4/ext/ereg/ereg.c        2011-08-07 00:01:17 UTC 
(rev 314387)
+++ php/php-src/branches/PHP_5_4/ext/ereg/ereg.c        2011-08-07 00:18:38 UTC 
(rev 314388)
@@ -474,7 +474,7 @@
                        if (new_l + 1 > buf_len) {
                                buf_len = 1 + buf_len + 2 * new_l;
                                nbuf = emalloc(buf_len);
-                               strcpy(nbuf, buf);
+                               strncpy(nbuf, buf, buf_len-1);
                                efree(buf);
                                buf = nbuf;
                        }
@@ -511,7 +511,7 @@
                                if (new_l + 1 > buf_len) {
                                        buf_len = 1 + buf_len + 2 * new_l;
                                        nbuf = safe_emalloc(buf_len, 
sizeof(char), 0);
-                                       strcpy(nbuf, buf);
+                                       strncpy(nbuf, buf, buf_len-1);
                                        efree(buf);
                                        buf = nbuf;
                                }
@@ -526,7 +526,7 @@
                        if (new_l + 1 > buf_len) {
                                buf_len = new_l + 1; /* now we know exactly how 
long it is */
                                nbuf = safe_emalloc(buf_len, sizeof(char), 0);
-                               strcpy(nbuf, buf);
+                               strncpy(nbuf, buf, buf_len-1);
                                efree(buf);
                                buf = nbuf;
                        }

Modified: php/php-src/trunk/ext/ereg/ereg.c
===================================================================
--- php/php-src/trunk/ext/ereg/ereg.c   2011-08-07 00:01:17 UTC (rev 314387)
+++ php/php-src/trunk/ext/ereg/ereg.c   2011-08-07 00:18:38 UTC (rev 314388)
@@ -474,7 +474,7 @@
                        if (new_l + 1 > buf_len) {
                                buf_len = 1 + buf_len + 2 * new_l;
                                nbuf = emalloc(buf_len);
-                               strcpy(nbuf, buf);
+                               strncpy(nbuf, buf, buf_len-1);
                                efree(buf);
                                buf = nbuf;
                        }
@@ -511,7 +511,7 @@
                                if (new_l + 1 > buf_len) {
                                        buf_len = 1 + buf_len + 2 * new_l;
                                        nbuf = safe_emalloc(buf_len, 
sizeof(char), 0);
-                                       strcpy(nbuf, buf);
+                                       strncpy(nbuf, buf, buf_len-1);
                                        efree(buf);
                                        buf = nbuf;
                                }
@@ -526,7 +526,7 @@
                        if (new_l + 1 > buf_len) {
                                buf_len = new_l + 1; /* now we know exactly how 
long it is */
                                nbuf = safe_emalloc(buf_len, sizeof(char), 0);
-                               strcpy(nbuf, buf);
+                               strncpy(nbuf, buf, buf_len-1);
                                efree(buf);
                                buf = nbuf;
                        }

-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/ext/ereg/ereg.c branches/PHP_5_4/ext/ereg/ereg.c trunk/ext/ereg/ereg.c

Reply via email to