rasmus Sun, 07 Aug 2011 00:18:38 +0000 Revision: http://svn.php.net/viewvc?view=revision&revision=314388
Log: These naked strcpy()s scare me Changed paths: U php/php-src/branches/PHP_5_3/ext/ereg/ereg.c U php/php-src/branches/PHP_5_4/ext/ereg/ereg.c U php/php-src/trunk/ext/ereg/ereg.c Modified: php/php-src/branches/PHP_5_3/ext/ereg/ereg.c =================================================================== --- php/php-src/branches/PHP_5_3/ext/ereg/ereg.c 2011-08-07 00:01:17 UTC (rev 314387) +++ php/php-src/branches/PHP_5_3/ext/ereg/ereg.c 2011-08-07 00:18:38 UTC (rev 314388) @@ -474,7 +474,7 @@ if (new_l + 1 > buf_len) { buf_len = 1 + buf_len + 2 * new_l; nbuf = emalloc(buf_len); - strcpy(nbuf, buf); + strcpy(nbuf, buf, buf_len-1); efree(buf); buf = nbuf; } @@ -511,7 +511,7 @@ if (new_l + 1 > buf_len) { buf_len = 1 + buf_len + 2 * new_l; nbuf = safe_emalloc(buf_len, sizeof(char), 0); - strcpy(nbuf, buf); + strcpy(nbuf, buf, buf_len-1); efree(buf); buf = nbuf; } @@ -526,7 +526,7 @@ if (new_l + 1 > buf_len) { buf_len = new_l + 1; /* now we know exactly how long it is */ nbuf = safe_emalloc(buf_len, sizeof(char), 0); - strcpy(nbuf, buf); + strcpy(nbuf, buf, buf_len-1); efree(buf); buf = nbuf; } Modified: php/php-src/branches/PHP_5_4/ext/ereg/ereg.c =================================================================== --- php/php-src/branches/PHP_5_4/ext/ereg/ereg.c 2011-08-07 00:01:17 UTC (rev 314387) +++ php/php-src/branches/PHP_5_4/ext/ereg/ereg.c 2011-08-07 00:18:38 UTC (rev 314388) @@ -474,7 +474,7 @@ if (new_l + 1 > buf_len) { buf_len = 1 + buf_len + 2 * new_l; nbuf = emalloc(buf_len); - strcpy(nbuf, buf); + strncpy(nbuf, buf, buf_len-1); efree(buf); buf = nbuf; } @@ -511,7 +511,7 @@ if (new_l + 1 > buf_len) { buf_len = 1 + buf_len + 2 * new_l; nbuf = safe_emalloc(buf_len, sizeof(char), 0); - strcpy(nbuf, buf); + strncpy(nbuf, buf, buf_len-1); efree(buf); buf = nbuf; } @@ -526,7 +526,7 @@ if (new_l + 1 > buf_len) { buf_len = new_l + 1; /* now we know exactly how long it is */ nbuf = safe_emalloc(buf_len, sizeof(char), 0); - strcpy(nbuf, buf); + strncpy(nbuf, buf, buf_len-1); efree(buf); buf = nbuf; } Modified: php/php-src/trunk/ext/ereg/ereg.c =================================================================== --- php/php-src/trunk/ext/ereg/ereg.c 2011-08-07 00:01:17 UTC (rev 314387) +++ php/php-src/trunk/ext/ereg/ereg.c 2011-08-07 00:18:38 UTC (rev 314388) @@ -474,7 +474,7 @@ if (new_l + 1 > buf_len) { buf_len = 1 + buf_len + 2 * new_l; nbuf = emalloc(buf_len); - strcpy(nbuf, buf); + strncpy(nbuf, buf, buf_len-1); efree(buf); buf = nbuf; } @@ -511,7 +511,7 @@ if (new_l + 1 > buf_len) { buf_len = 1 + buf_len + 2 * new_l; nbuf = safe_emalloc(buf_len, sizeof(char), 0); - strcpy(nbuf, buf); + strncpy(nbuf, buf, buf_len-1); efree(buf); buf = nbuf; } @@ -526,7 +526,7 @@ if (new_l + 1 > buf_len) { buf_len = new_l + 1; /* now we know exactly how long it is */ nbuf = safe_emalloc(buf_len, sizeof(char), 0); - strcpy(nbuf, buf); + strncpy(nbuf, buf, buf_len-1); efree(buf); buf = nbuf; }
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php