http://bugs.winehq.org/show_bug.cgi?id=18045
Summary: Dangerous usage of strncat
Product: Wine
Version: 1.1.19
Platform: Other
URL: http://cppcheck.wiki.sourceforge.net/
OS/Version: other
Status: UNCONFIRMED
Severity: minor
Priority: P2
Component: -unknown
AssignedTo: wine-bugs@winehq.org
ReportedBy: begert@gmail.com
CC: begert@gmail.com

Running cppcheck 1.31 against wine 1.1.19 yields:
[./dlls/mciavi32/info.c:257]: (all) Dangerous usage of strncat, possible buffer overrun
Currently the code looks like:
strncat(buffer, " seek_exactly", sizeof(buffer));
Looking at the strncat man page, perhaps better usage would be:
strncat(buffer, " seek_exactly", sizeof(buffer) - strlen(buffer) - 1);
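
An added example, not part of the original report or of Wine's code: it shows that the third argument of strncat bounds the bytes taken from the source, not the size of the destination, by appending inside an oversized backing array with a canary fill so the spill can be counted without undefined behaviour. The names `append_bounded` and `bytes_past_end`, the 16-byte logical size and the "set flags:" prefix are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define LOGICAL_SIZE 16   /* size the caller believes the buffer has (assumed) */
#define BACKING_SIZE 48   /* real storage, so the spill stays inside an object */
#define CANARY 0x7f

/* Corrected pattern: n is the room left after the current contents and the NUL.
 * Returns 1 if all of src fit, 0 if it was truncated or dst is unterminated. */
static int append_bounded(char *dst, size_t dstsize, const char *src)
{
    const char *end = memchr(dst, '\0', dstsize);
    size_t room;
    if (end == NULL)
        return 0;   /* no NUL inside dst: the size subtraction would wrap */
    room = dstsize - (size_t)(end - dst) - 1;
    strncat(dst, src, room);
    return strlen(src) <= room;
}

/* Counts bytes written at or beyond LOGICAL_SIZE after one append.
 * corrected == 0 uses the reported pattern (n = total buffer size). */
static size_t bytes_past_end(const char *prefix, const char *suffix, int corrected)
{
    char backing[BACKING_SIZE];
    size_t i, spilled = 0;
    if (strlen(prefix) >= LOGICAL_SIZE)
        return (size_t)-1;   /* constructed inputs must start inside the buffer */
    memset(backing, CANARY, sizeof(backing));
    strcpy(backing, prefix);
    if (corrected)
        append_bounded(backing, LOGICAL_SIZE, suffix);
    else
        strncat(backing, suffix, LOGICAL_SIZE);   /* n limits src, not dst */
    for (i = LOGICAL_SIZE; i < BACKING_SIZE; i++)
        if (backing[i] != CANARY)
            spilled++;
    return spilled;
}

int main(void)
{
    /* "set flags:" is a constructed prefix; the suffix is the one in the report */
    printf("n = sizeof(buffer): %zu bytes past the end\n",
           bytes_past_end("set flags:", " seek_exactly", 0));
    printf("n = remaining room: %zu bytes past the end\n",
           bytes_past_end("set flags:", " seek_exactly", 1));
    return 0;
}
```
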
Austin English austinenglish@gmail.com changed:
What     |Removed           |Added
----------------------------------------------------------------------------
CC       |                  |austinenglish@gmail.com
Keywords |                  |download, source
Austin English austinenglish@gmail.com changed:
What     |Removed           |Added
----------------------------------------------------------------------------
CC       |begert@gmail.com  |

--- Comment #1 from Austin English austinenglish@gmail.com 2009-04-14 11:05:39 ---
No need to CC yourself, you're the reporter.
Vincent Povirk madewokherd@gmail.com changed:
What     |Removed           |Added
----------------------------------------------------------------------------
CC       |                  |madewokherd@gmail.com

--- Comment #2 from Vincent Povirk madewokherd@gmail.com 2009-04-14 11:42:49 ---
This is in the MCIAVI_mciSet function.
The string buffer is only used to output debugging information, and all of the source buffers are constant strings. The buffer is long enough that the function won't overrun it. So this isn't really going to cause any problems.
That said, because it's all debugging information from constant strings, there's no need to build a string buffer in this function at all.
I'll send a patch.
--- Comment #3 from Vincent Povirk madewokherd@gmail.com 2009-04-14 12:41:30 ---
Sent patch: http://www.winehq.org/pipermail/wine-patches/2009-April/071835.html
James Pelcis jpelcis@gmail.com changed:
What     |Removed           |Added
----------------------------------------------------------------------------
CC       |                  |jpelcis@gmail.com

--- Comment #4 from James Pelcis jpelcis@gmail.com 2009-05-01 14:52:41 ---
Fixed in wine 1.1.20.
Austin English austinenglish@gmail.com changed:
What       |Removed           |Added
----------------------------------------------------------------------------
Status     |UNCONFIRMED       |RESOLVED
Resolution |                  |FIXED

--- Comment #5 from Austin English austinenglish@gmail.com 2009-05-01 14:53:32 ---
Fixed.
Alexandre Julliard julliard@winehq.org changed:
What     |Removed           |Added
----------------------------------------------------------------------------
Status   |RESOLVED          |CLOSED

--- Comment #6 from Alexandre Julliard julliard@winehq.org 2009-05-08 12:52:03 ---
Closing bugs fixed in 1.1.21.