<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=windows-1251"
http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Enrico Tröger wrote:
<blockquote cite="mid:20090902191046.2fa9125c.enrico.troeger@uvena.de"
type="cite">
<pre wrap="">On Wed, 02 Sep 2009 20:48:17 +0400, Eugene wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Hi all.
The trouble is caused by unsafe usage of `strncpy' and long strings in
Russian localization. I found that the stack overflow is caused by the
following code (geany-plugins/geanygdb/src/gdb-ui-main.c : 366)
-------------------- 8< --------------------
if (text && disable_mnemonics)
{
	gchar *p;
	gchar buf[32];
	strncpy(buf, text, sizeof(buf));
	for (p = buf; *p; p++)
	{
		if (*p == '_')
		{
			memmove(p, p + 1, strlen(p));
		}
	}
	text = buf;
}
-------------------- 8< --------------------
Obviously, 32 chars are enough for English localisation, but not for
Russian one (which I am using). Quick fix:
...
	gchar buf[64];
	strncpy(buf, text, sizeof(buf)-1);
	buf[sizeof(buf)-1] = '\0';
</pre>
</blockquote>
<pre wrap=""><!---->
This is not really better. Increasing the buffer size only works as
long as someone appears with another language which needs even more
characters. Ok, at some point it gets unlikely if the buffer size is
big enough but it's still ugly.
I suggest a more easy and secure approach (even being a little bit
slower):
gchar *buf = g_strdup(text);
This is very unlikely to fail except there is no more free memory on
the heap but well, in this case many many more things in Geany would go
wrong...:)
</pre>
</blockquote>
Agree, g_strdup will be even better.<br>
<blockquote cite="mid:20090902191046.2fa9125c.enrico.troeger@uvena.de"
type="cite">
<pre wrap="">
Btw,
buf[sizeof(buf)-1]
is really wrong. Because sizeof(buf) is always 32 as it is a fixed
sized char array. But you want to put the \0 at the end of the actual
content not at the end of the buffer.
</pre>
</blockquote>
Putting \0 at the end of the buffer would be enough. If content is
smaller than the buffer, strncpy itself will append \0.<br>
<br>
Best regards,<br>
Eugene.<br>
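The heap-copy approach the thread settles on, written out as an added example (this is not code from the thread or from geany-plugins): it uses a plain malloc/memcpy copy in place of g_strdup so it compiles without GLib, compacts the string with two pointers instead of one memmove per underscore, and adds a small probe showing when strncpy does and does not NUL-terminate its destination, which is the behaviour both messages above argue about. The function names are this example's own.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Return 1 if strncpy(dst, src, n) leaves a NUL somewhere in dst.
 * The buffer is poisoned first so a missing terminator is visible.
 * strncpy only terminates when strlen(src) < n; at exactly n or
 * more bytes the destination is left without any NUL at all, which is
 * what made the 32-byte buffer in gdb-ui-main.c overflow on longer
 * translated labels. */
int strncpy_terminated(const char *src, size_t n)
{
    if (n == 0)
        return 0;
    char *buf = malloc(n);
    if (buf == NULL)
        return 0;
    memset(buf, 'X', n);              /* poison: no NUL before the copy */
    strncpy(buf, src, n);
    int ok = memchr(buf, '\0', n) != NULL;
    free(buf);
    return ok;
}

/* Strip every '_' mnemonic marker from a heap copy of `text`.
 * The copy is sized from the input, so no label length can overflow it.
 * malloc+memcpy stands in for g_strdup here; the caller frees the result.
 * Returns NULL for a NULL input or if allocation fails. */
char *strip_mnemonics_dup(const char *text)
{
    if (text == NULL)
        return NULL;
    size_t len = strlen(text);
    char *buf = malloc(len + 1);
    if (buf == NULL)
        return NULL;
    memcpy(buf, text, len + 1);

    /* Two-pointer compaction: O(n) instead of a memmove per '_'.
     * '_' (0x5F) is never a UTF-8 continuation byte, so multibyte
     * text such as the Russian labels is left intact. */
    char *src = buf, *dst = buf;
    for (; *src; src++) {
        if (*src != '_')
            *dst++ = *src;
    }
    *dst = '\0';
    return buf;
}

int main(void)
{
    /* Constructed sample labels, including one longer than 32 bytes. */
    const char *labels[] = {
        "_File",
        "Save _As...",
        "_Отладка",
        "_Показать содержимое переменной в окне",
    };
    for (size_t i = 0; i < sizeof(labels) / sizeof(labels[0]); i++) {
        char *clean = strip_mnemonics_dup(labels[i]);
        printf("%-45s -> %s (strncpy into 32 bytes terminated: %s)\n",
               labels[i], clean,
               strncpy_terminated(labels[i], 32) ? "yes" : "no");
        free(clean);
    }
    return 0;
}
```

The probe makes the disagreement in the thread concrete: for a label shorter than the buffer strncpy does append the NUL, as Eugene says, but once the label reaches the buffer size there is no terminator anywhere, so the following `for (p = buf; *p; p++)` loop and the `strlen(p)` inside memmove both run off the end of the array. Writing `buf[sizeof(buf)-1] = '\0'` after the copy closes that hole for a fixed buffer, at the cost of silently truncating long labels (possibly in the middle of a multibyte character); the heap copy avoids both problems.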
</body>
</html>