-
Notifications
You must be signed in to change notification settings - Fork 262
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix buffer overrun in tabs[MAX_NESTS] by adding space for \0 terminator #729
Conversation
.. also speed it up by not using strcat when direct array access works just fine.
char *dims_string = NULL; | ||
char temp_string[10]; | ||
int t, retval, d, i; | ||
|
||
/* Come up with a number of tabs relative to the group. */ | ||
for (t = 0; t < tab_count && t < MAX_NESTS; t++) | ||
strcat(tabs, "\t"); | ||
tabs[t] = '\t'; | ||
tabs[t] = '\0'; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please remove this line, it is not needed. The strcat function is guaranteed to add the null terminator.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I removed the strcat altogether because it is inefficient to perform 55 operations (and 10 function calls) instead of 10 direct writes and no function calls.
edit: small correction
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
OK that's cool!
@@ -1857,14 +1857,15 @@ rec_print_metadata(NC_GRP_INFO_T *grp, int tab_count) | |||
NC_DIM_INFO_T *dim; | |||
NC_TYPE_INFO_T *type; | |||
NC_FIELD_INFO_T *field; | |||
char tabs[MAX_NESTS] = ""; | |||
char tabs[MAX_NESTS+1] = ""; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good catch!
Thank you very much, it looks great. Updating with the changes in master and will merge :). |
.. also speed it up by not using strcat when direct array access works just fine.
In the
Anaconda Distribution
we build on macOS with-fstack-protector-strong
. Here is the stack trace I got:Please consider my patch for inclusion, if you have any problems with it then please let me know.