
[Bug-tar] Unterminated buffer in rtapelib.c


From: Leland Lucius
Subject: [Bug-tar] Unterminated buffer in rtapelib.c
Date: Fri, 27 Feb 2004 02:24:25 -0600

The seek and ioctl routines do not null-terminate the buffers used to convert
operand_buffer.  This causes garbage data to follow the number in the data
stream.  This (untried) patch should fix it:

Leland

--- rtapelib.c.orig     2003-10-04 13:18:02.000000000 -0500
+++ rtapelib.c  2004-02-27 02:19:14.000000000 -0600
@@ -601,10 +601,12 @@
 rmt_lseek__ (int handle, off_t offset, int whence)
 {
   char command_buffer[COMMAND_BUFFER_SIZE];
-  char operand_buffer[UINTMAX_STRSIZE_BOUND];
+  char operand_buffer[UINTMAX_STRSIZE_BOUND + 1];
   uintmax_t u = offset < 0 ? - (uintmax_t) offset : (uintmax_t) offset;
   char *p = operand_buffer + sizeof operand_buffer;
 
+  *--p = '\0';
+
   do
     *--p = '0' + (int) (u % 10);
   while ((u /= 10) != 0);
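Review bot: Nothing in this hunk shows that `operand_buffer` is large enough for every byte written backwards through `p`, and the loop has no lower-bound check. The new `*--p = '\0';` takes one byte, the loop takes one per digit, and because `u` holds the absolute value of `offset`, a `-` is presumably prepended after the loop, outside the hunk. Whether `UINTMAX_STRSIZE_BOUND + 1` covers digits, sign and terminator depends on the macro's definition, which is not visible here: if it already counts the NUL the `+ 1` is harmless slack, and if it counts only digits the sign could underrun the array. I would state the arithmetic at the declaration, e.g. `/* digits + optional '-' + terminating NUL */`, and confirm it against the macro. The same applies to the `MTIOCTOP` hunk below.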
@@ -642,12 +644,14 @@
     case MTIOCTOP:
       {
        char command_buffer[COMMAND_BUFFER_SIZE];
-       char operand_buffer[UINTMAX_STRSIZE_BOUND];
+       char operand_buffer[UINTMAX_STRSIZE_BOUND + 1];
        uintmax_t u = (((struct mtop *) argument)->mt_count < 0
                       ? - (uintmax_t) ((struct mtop *) argument)->mt_count
                       : (uintmax_t) ((struct mtop *) argument)->mt_count);
        char *p = operand_buffer + sizeof operand_buffer;
        
+       *--p = '\0';
+       
        do
          *--p = '0' + (int) (u % 10);
        while ((u /= 10) != 0);
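Review bot: This `MTIOCTOP` block repeats the backwards digit conversion from `rmt_lseek__` line for line, which is why the missing terminator had to be patched in two places. Moving the conversion into one static helper that writes the terminator itself would keep the two call sites from drifting apart again; each caller can still prepend a sign to the returned pointer if it does so today (that code is outside both hunks). The helper name below is a placeholder, and the enclosing function starts and ends outside the hunk.

```c
/* Write U in decimal, NUL-terminated, at the end of BUF (SIZE bytes)
   and return a pointer to the first digit.  */
static char *
uintmax_to_decimal (uintmax_t u, char *buf, size_t size)
{
  char *p = buf + size;

  *--p = '\0';
  do
    *--p = '0' + (int) (u % 10);
  while ((u /= 10) != 0);
  return p;
}

/* … unchanged: command_buffer, operand_buffer and u declarations … */
        char *p = uintmax_to_decimal (u, operand_buffer, sizeof operand_buffer);
```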
<<eof>>





