Trying the static analyzer 'cppcheck-1.34' on Vim source code,
I saw the following warning:

    [./GvimExt/gvimext.cpp:638]: (all) Dangerous usage of strncat. Tip:
    the 3rd parameter means maximum number of characters to append

Code in vim7/src/gvimext.cpp is:

    623 char temp[BUFSIZE];
    ...
    637 strncpy(temp, _("Edit with existing Vim - "), BUFSIZE - 1);
    638 strncat(temp, title, BUFSIZE - 1);

Code is incorrect indeed: strncat() may overflow temp buffer.
Attached patch fixes it.

-- Dominique
--~--~---------~--~----~------------~-------~--~----~
You received this message from the "vim_dev" maillist.
For more information, visit http://www.vim.org/maillist.php
-~----------~----~----~----~------~----~------~--~---
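Added example (not part of the original message or of Vim's source): a self-contained C sketch of why the count given to strncat() must be the space left in the buffer, using the same strncpy/strncat sequence the warning is about. BUFSIZE = 32, the sample title and the helper names menu_label and bytes_needed_by_old_call are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define BUFSIZE 32  /* assumed value, small so the edge cases are easy to hit */

/* Bytes the reported sequence can write into temp (terminating NUL included),
 * assuming temp happens to be terminated after strncpy(): strncat()'s count
 * limits the characters appended, not the total size of the destination. */
static size_t bytes_needed_by_old_call(const char *prefix, const char *title)
{
    size_t plen = strlen(prefix), tlen = strlen(title);
    if (plen > BUFSIZE - 1) plen = BUFSIZE - 1;  /* strncpy(..., BUFSIZE - 1) */
    if (tlen > BUFSIZE - 1) tlen = BUFSIZE - 1;  /* strncat(..., BUFSIZE - 1) */
    return plen + tlen + 1;                      /* strncat() always adds a NUL */
}

/* Bounded form. Returns 1 if prefix + title had to be truncated, else 0. */
static int menu_label(char *dst, size_t dstsize,
                      const char *prefix, const char *title)
{
    size_t remaining;

    if (dstsize == 0)
        return 1;
    strncpy(dst, prefix, dstsize - 1);
    dst[dstsize - 1] = '\0';          /* strncpy() does not terminate on truncation */
    remaining = dstsize - 1 - strlen(dst);
    strncat(dst, title, remaining);   /* at most remaining chars, then a NUL */
    return strlen(prefix) + strlen(title) > dstsize - 1;
}

int main(void)
{
    char temp[BUFSIZE];
    const char *prefix = "Edit with existing Vim - ";   /* 25 characters */
    const char *title = "a_rather_long_file_name.txt";  /* constructed, 27 chars */
    int cut = menu_label(temp, sizeof temp, prefix, title);

    printf("old call can write %zu bytes into a %d-byte buffer\n",
           bytes_needed_by_old_call(prefix, title), BUFSIZE);
    printf("bounded result: \"%s\" (truncated=%d)\n", temp, cut);
    return 0;
}
```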
Index: src/GvimExt/gvimext.cpp
===================================================================
RCS file: /cvsroot/vim/vim7/src/GvimExt/gvimext.cpp,v
retrieving revision 1.8
diff -c -r1.8 gvimext.cpp
*** src/GvimExt/gvimext.cpp 24 Jul 2008 18:51:11 -0000 1.8
--- src/GvimExt/gvimext.cpp 26 Jul 2009 18:48:20 -0000
***************
*** 635,641 ****
}
// Now concatenate
strncpy(temp, _("Edit with existing Vim - "), BUFSIZE - 1);
! strncat(temp, title, BUFSIZE - 1);
InsertMenu(hMenu,
indexMenu++,
MF_STRING|MF_BYPOSITION,
--- 635,643 ----
}
// Now concatenate
strncpy(temp, _("Edit with existing Vim - "), BUFSIZE - 1);
! temp[BUFSIZE - 1] = '\0';
! int remaining = BUFSIZE - 1 - strlen(temp);
! strncat(temp, title, remaining);
InsertMenu(hMenu,
indexMenu++,
MF_STRING|MF_BYPOSITION,
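Review bot: in the new lines of the 635,643 half of the hunk, remaining is declared int although it is computed from strlen() (a size_t) and handed to strncat(), whose third parameter is also size_t; declare it as size_t remaining = BUFSIZE - 1 - strlen(temp); so there is no signed/unsigned conversion in either direction. The subtraction cannot go negative only because temp[BUFSIZE - 1] = '\0' is set before strlen(temp) is called, so that ordering must be kept; a short comment saying so would help, as would a note that title is silently truncated when it does not fit in temp.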