Re: next_matrix_from

pspp-dev

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: next_matrix_from_reader()

From:	John Darrington
Subject:	Re: next_matrix_from_reader()
Date:	Tue, 16 May 2017 06:47:44 +0200
User-agent:	Mutt/1.5.23 (2014-03-12)

Hi Ben, 

I agree that code is not particularly elegent.


I will have a think about the buffer overrun issue and see if anything needs to 
be
changed.  Thanks for mentioning it.

John

On Mon, May 15, 2017 at 09:05:52PM -0700, Ben Pfaff wrote:
     Hi John, there's some code in next_matrix_from_reader() in
     src/language/data-io/matrix-reader.c that's concerning me a little:
     
           const int w = var_get_width (mr->varname);
           char s[w];
           memset (s, 0, w);
           const char *name = var_get_name (vars[i]);
           strcpy (s, name);
           unsigned long h = hash_bytes (s, w, 0);
           table[i] = h;
     
     At least without looking further, it's hard to see that 'w' is long
     enough to hold the whole length of 'name', plus a null terminator.  Is
     there something that guarantees this?
     
     (My attention was drawn here by a GCC warning about strcpy() into a
     uint8_t array, but I fixed that by changing s[] from uint8_t to char.)
     
     Thanks,
     
     Ben.

-- 
Avoid eavesdropping.  Send strong encrypted email.
PGP Public key ID: 1024D/2DE827B3 
fingerprint = 8797 A26D 0854 2EAB 0285  A290 8A67 719C 2DE8 27B3
See http://sks-keyservers.net or any PGP keyserver for public key.

signature.asc
Description: Digital signature

[Prev in Thread]

Current Thread

[Next in Thread]

Re: next_matrix_from_reader(), John Darrington <=

Next by Date: New Dutch PO file for 'pspp' (version 0.10.2)
Next by thread: New Dutch PO file for 'pspp' (version 0.10.2)
Index(es):
- Date
- Thread