rpms / cscope

Clone
Source Code
GIT

Files

  1.   6eb1cd792be5f60ab5d81c919958ff007eb406a0
  2.   cscope-15.5-putstring-overflow.patch
Blob Blame History Raw 
--- cscope-15.5/src/find.c.stack	2006-06-23 16:00:34.000000000 -0400
+++ cscope-15.5/src/find.c	2006-06-23 16:00:47.000000000 -0400
@@ -184,7 +184,7 @@ find_symbol_or_assignment(char *pattern,
 
 	(void) scanpast('\t');			/* find the end of the header */
 	skiprefchar();			/* skip the file marker */
-	putstring(file);		/* save the file name */
+	putstring(file, PATHLEN);	/* save the file name */
 	(void) strcpy(function, global);/* set the dummy global function name */
 	(void) strcpy(macro, global);/* set the dummy global macro name */
 	
@@ -216,7 +216,7 @@ find_symbol_or_assignment(char *pattern,
 
 				/* save the name */
 				skiprefchar();
-				putstring(file);
+				putstring(file, PATHLEN);
 			
 				/* check for the end of the symbols */
 				if (*file == '\0') {
@@ -255,7 +255,7 @@ find_symbol_or_assignment(char *pattern,
 			}
 			/* save the name */
 			skiprefchar();
-			putstring(s);
+			putstring(s, PATHLEN);
 
 			/* see if this is a regular expression pattern */
 			if (isregexp_valid == YES) { 
@@ -293,7 +293,7 @@ find_symbol_or_assignment(char *pattern,
 			
 			if (isalpha((unsigned char)firstchar) || firstchar == '_') {
 				blockp = cp;
-				putstring(symbol);
+				putstring(symbol, PATHLEN);
 				if (caseless == YES) {
 					s = lcasify(symbol);	/* point to lower case version */
 				}
@@ -382,7 +382,7 @@ finddef(char *pattern)
 			
 		case NEWFILE:
 			skiprefchar();	/* save file name */
-			putstring(file);
+			putstring(file, PATHLEN);
 			if (*file == '\0') {	/* if end of symbols */
 				return NULL;
 			}
@@ -412,21 +412,36 @@ finddef(char *pattern)
 }
 /* find all function definitions (used by samuel only) */
 
+static void blow_up(int line)
+{
+	fprintf(stderr,"STACK CORRUPTION AT %d\n",line);
+	abort();
+}
+
+#define CHECK_STACK() do { if(test != (unsigned int)&test) {\
+blow_up(__LINE__);\
+}} while(0)
+
 char *
 findallfcns(char *dummy)
 {
+	volatile unsigned int test = 0;
 	char	file[PATHLEN + 1];	/* source file name */
 	char	function[PATLEN + 1];	/* function name */
-
+	char oldblockp;  
 	(void) dummy;		/* unused argument */
 
 	/* find the next file name or definition */
+	test = (unsigned int)&test;
 	while (scanpast('\t') != NULL) {
+		CHECK_STACK();
+		oldblockp=*blockp;	
 		switch (*blockp) {
 			
 		case NEWFILE:
 			skiprefchar();	/* save file name */
-			putstring(file);
+			putstring(file, PATHLEN);
+			CHECK_STACK();
 			if (*file == '\0') {	/* if end of symbols */
 				return NULL;
 			}
@@ -440,8 +455,7 @@ findallfcns(char *dummy)
 		case FCNDEF:
 		case CLASSDEF:
 			skiprefchar();	/* save function name */
-			putstring(function);
-
+			putstring(function, PATHLEN);
 			/* output the file, function and source line */
 			putref(0, file, function);
 			break;
@@ -483,7 +497,7 @@ findcalling(char *pattern)
 			
 		case NEWFILE:		/* save file name */
 			skiprefchar();
-			putstring(file);
+			putstring(file, PATHLEN);
 			if (*file == '\0') {	/* if end of symbols */
 				return NULL;
 			}
@@ -494,7 +508,7 @@ findcalling(char *pattern)
 		case DEFINE:		/* could be a macro */
 			if (fileversion >= 10) {
 				skiprefchar();
-				putstring(macro);
+				putstring(macro, PATHLEN);
 			}
 			break;
 
@@ -504,7 +518,7 @@ findcalling(char *pattern)
 
 		case FCNDEF:		/* save calling function name */
 			skiprefchar();
-			putstring(function);
+			putstring(function, PATHLEN);
 			for (i = 0; i < morefuns; i++)
 				if ( !strcmp(tmpfunc[i], function) )
 					break;
@@ -639,7 +653,7 @@ findinclude(char *pattern)
 			
 		case NEWFILE:		/* save file name */
 			skiprefchar();
-			putstring(file);
+			putstring(file, PATHLEN);
 			if (*file == '\0') {	/* if end of symbols */
 				return NULL;
 			}
@@ -790,7 +804,7 @@ match(void)
 
 	/* see if this is a regular expression pattern */
 	if (isregexp_valid == YES) {
-		putstring(string);
+		putstring(string, PATHLEN);
 		if (*string == '\0') {
 			return(NO);
 		}
@@ -940,26 +954,29 @@ putline(FILE *output)
 /* put the rest of the cross-reference line into the string */
 
 void
-putstring(char *s)
+putstring(char *s, int length)
 {
 	char	*cp;
 	unsigned c;
-	
+	int i=0;	
 	setmark('\n');
 	cp = blockp;
 	do {
-		while ((c = (unsigned)(*cp)) != '\n') {
+		while (((c = (unsigned)(*cp)) != '\n') && (i<length)) {
 			if (c > '\177') {
 				c &= 0177;
 				*s++ = dichar1[c / 8];
 				*s++ = dichar2[c & 7];
+				i+=2;
 			}
 			else {
 				*s++ = c;
+				i++;
 			}
 			++cp;
 		}
-	} while (*(cp + 1) == '\0' && (cp = readblock()) != NULL);
+	} while (((*(cp + 1) == '\0' && (cp = readblock()) != NULL)) && 
+	  (i < length));
 	blockp = cp;
 	*s = '\0';
 }
@@ -1059,7 +1076,7 @@ findcalledby(char *pattern)
 			
 		case NEWFILE:
 			skiprefchar();	/* save file name */
-			putstring(file);
+			putstring(file, PATHLEN);
 			if (*file == '\0') {	/* if end of symbols */
 				return(&found_caller);
 			}
@@ -1194,7 +1211,7 @@ putpostingref(POSTING *p, char *pat)
 		if (p->type == FCNDEF) { /* need to find the function name */
 			if (dbseek(p->lineoffset) != -1) {
 				scanpast(FCNDEF);
-				putstring(function);
+				putstring(function, PATHLEN);
 			}
 		}
 		else if (p->type != FCNCALL) {
@@ -1203,7 +1220,7 @@ putpostingref(POSTING *p, char *pat)
 	}
 	else if (p->fcnoffset != lastfcnoffset) {
 		if (dbseek(p->fcnoffset) != -1) {
-			putstring(function);
+			putstring(function, PATHLEN);
 			lastfcnoffset = p->fcnoffset;
 		}
 	}
--- cscope-15.5/src/global.h.stack	2006-06-23 16:01:31.000000000 -0400
+++ cscope-15.5/src/global.h	2006-06-23 16:02:55.000000000 -0400
@@ -370,7 +370,7 @@ void	postmsg(char *msg);
 void	postmsg2(char *msg);
 void	posterr(char *msg,...);
 void	putposting(char *term, int type);
-void	putstring(char *s);
+void	putstring(char *s, int length);
 void	resetcmd(void);
 void	seekline(int line);
 void	setfield(void);
--- cscope-15.5/src/build.c.stack	2003-03-05 05:43:59.000000000 -0500
+++ cscope-15.5/src/build.c	2006-06-23 16:00:47.000000000 -0400
@@ -82,7 +82,7 @@ static	void	copyinverted(void);
 static	char	*getoldfile(void);
 static	void	movefile(char *new, char *old);
 static	void	putheader(char *dir);
-static	void	putinclude(char *s);
+static	void	putinclude(char *s, int len);
 static	void	putlist(char **names, int count);
 static	BOOL	samelist(FILE *oldrefs, char **names, int count);
 
@@ -512,7 +512,7 @@ getoldfile(void)
 		do {
 			if (*blockp == NEWFILE) {
 				skiprefchar();
-				putstring(file);
+				putstring(file, PATHLEN);
 				if (file[0] != '\0') {	/* if not end-of-crossref */
 					return(file);
 				}
@@ -614,7 +614,7 @@ copydata(void)
 		/* look for an #included file */
 		if (*cp == INCLUDE) {
 			blockp = cp;
-			putinclude(symbol);
+			putinclude(symbol, PATHLEN);
 			writestring(symbol);
 			setmark('\t');
 			cp = blockp;
@@ -666,12 +666,12 @@ copyinverted(void)
 			case NEWFILE:		/* file name */
 				return;
 			case INCLUDE:		/* #included file */
-				putinclude(symbol);
+				putinclude(symbol, PATHLEN);
 				goto output;
 			}
 			dbputc(type);
 			skiprefchar();
-			putstring(symbol);
+			putstring(symbol, PATHLEN);
 			goto output;
 		}
 		c = *cp;
@@ -681,7 +681,7 @@ copyinverted(void)
 		/* if this is a symbol */
 		if (isalpha((unsigned char)c) || c == '_') {
 			blockp = cp;
-			putstring(symbol);
+			putstring(symbol, PATHLEN);
 			type = ' ';
 		output:
 			putposting(symbol, type);
@@ -712,11 +712,11 @@ movefile(char *new, char *old)
 /* process the #included file in the old database */
 
 static void
-putinclude(char *s)
+putinclude(char *s, int len)
 {
 	dbputc(INCLUDE);
 	skiprefchar();
-	putstring(s);
+	putstring(s, len);
 	incfile(s + 1, s);
 }
Powered by Pagure 5.14.1
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.