Fix potential vulnerabilities.
--HG-- branch : develop
This commit is contained in:
parent
0ec53b6499
commit
86330282be
|
@ -49,6 +49,7 @@
|
||||||
#include "dl_creationinterface.h"
|
#include "dl_creationinterface.h"
|
||||||
#include "dl_entities.h"
|
#include "dl_entities.h"
|
||||||
#include "iostream"
|
#include "iostream"
|
||||||
|
#include "strlcpy.h"
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Default constructor.
|
* Default constructor.
|
||||||
|
@ -2554,10 +2555,7 @@ void DL_Dxf::endSequence(DL_CreationInterface* creationInterface)
|
||||||
DL_WriterA* DL_Dxf::out(const char* file, DL_Codes::version version)
|
DL_WriterA* DL_Dxf::out(const char* file, DL_Codes::version version)
|
||||||
{
|
{
|
||||||
char* f = new char[strlen(file)+1];
|
char* f = new char[strlen(file)+1];
|
||||||
QT_WARNING_PUSH
|
strlcpy(f, file, sizeof(f));
|
||||||
QT_WARNING_DISABLE_MSVC(4996)
|
|
||||||
strcpy(f, file);
|
|
||||||
QT_WARNING_POP
|
|
||||||
this->version = version;
|
this->version = version;
|
||||||
|
|
||||||
DL_WriterA* dw = new DL_WriterA(f, version);
|
DL_WriterA* dw = new DL_WriterA(f, version);
|
||||||
|
@ -5864,7 +5862,7 @@ int DL_Dxf::getLibVersion(const std::string& str)
|
||||||
// double ret;
|
// double ret;
|
||||||
// if (strchr(value, ',') != NULL) {
|
// if (strchr(value, ',') != NULL) {
|
||||||
// char* tmp = new char[strlen(value)+1];
|
// char* tmp = new char[strlen(value)+1];
|
||||||
// strcpy(tmp, value);
|
// strlcpy(tmp, value, sizeof(tmp));
|
||||||
// DL_WriterA::strReplace(tmp, ',', '.');
|
// DL_WriterA::strReplace(tmp, ',', '.');
|
||||||
// ret = atof(tmp);
|
// ret = atof(tmp);
|
||||||
// delete[] tmp;
|
// delete[] tmp;
|
||||||
|
@ -5891,15 +5889,12 @@ void DL_Dxf::test()
|
||||||
char* buf5 = new char[10];
|
char* buf5 = new char[10];
|
||||||
char* buf6 = new char[10];
|
char* buf6 = new char[10];
|
||||||
|
|
||||||
QT_WARNING_PUSH
|
strlcpy(buf1, " 10\n", sizeof(buf1));
|
||||||
QT_WARNING_DISABLE_MSVC(4996)
|
strlcpy(buf2, "10", sizeof(buf2));
|
||||||
strcpy(buf1, " 10\n");
|
strlcpy(buf3, "10\n", sizeof(buf3));
|
||||||
strcpy(buf2, "10");
|
strlcpy(buf4, " 10 \n", sizeof(buf4));
|
||||||
strcpy(buf3, "10\n");
|
strlcpy(buf5, " 10 \r", sizeof(buf5));
|
||||||
strcpy(buf4, " 10 \n");
|
strlcpy(buf6, "\t10 \n", sizeof(buf6));
|
||||||
strcpy(buf5, " 10 \r");
|
|
||||||
strcpy(buf6, "\t10 \n");
|
|
||||||
QT_WARNING_POP
|
|
||||||
|
|
||||||
// Try to avoid deleting array from an offset
|
// Try to avoid deleting array from an offset
|
||||||
char* buf1Copy = buf1;
|
char* buf1Copy = buf1;
|
||||||
|
|
|
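Review bot: `strlcpy(f, file, sizeof(f));` in DL_Dxf::out passes the size of the pointer `f`, not of the `new char[strlen(file)+1]` buffer, so the path is cut to 7 characters (3 on a 32-bit build) and the writer is opened on a truncated file name; the commit trades the old overflow for a silent wrong-file bug. Keep the length in one variable and use it for both the allocation and the copy: `const size_t len = strlen(file) + 1;` / `char* f = new char[len];` / `strlcpy(f, file, len);`. The same `sizeof(pointer)` mistake is in DL_Dxf::test: `sizeof(buf1)` … `sizeof(buf6)` are 4 or 8, not the 10 bytes allocated (buf5/buf6 are `new char[10]` in the hunk; buf1–buf4 are allocated above it, presumably the same), so 5-character literals such as `" 10 \n"` fit only by accident on 64-bit and would be truncated on 32-bit; pass the allocation size (`10`, or a named constant) instead. The commented-out `strlcpy(tmp, value, sizeof(tmp))` in getLibVersion has the same shape and will mislead whoever revives it. DL_Dxf::out and DL_Dxf::test both continue past the hunk.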
@ -66,17 +66,16 @@ void DL_WriterA::dxfReal(int gc, double value) const
|
||||||
{
|
{
|
||||||
char str[256];
|
char str[256];
|
||||||
QT_WARNING_PUSH
|
QT_WARNING_PUSH
|
||||||
QT_WARNING_DISABLE_MSVC(4996)
|
|
||||||
#if defined(__GNUC__) && (__GNUC__ * 100 + __GNUC_MINOR__) < 408
|
#if defined(__GNUC__) && (__GNUC__ * 100 + __GNUC_MINOR__) < 408
|
||||||
QT_WARNING_DISABLE_GCC("-Wformat")
|
QT_WARNING_DISABLE_GCC("-Wformat")
|
||||||
#endif
|
#endif
|
||||||
if (version==DL_Codes::AC1009_MIN)
|
if (version==DL_Codes::AC1009_MIN)
|
||||||
{
|
{
|
||||||
sprintf(str, "%.6lf", value);
|
snprintf(str, sizeof(str), "%.6lf", value);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
sprintf(str, "%.16lf", value);
|
snprintf(str, sizeof(str), "%.16lf", value);
|
||||||
}
|
}
|
||||||
QT_WARNING_POP
|
QT_WARNING_POP
|
||||||
|
|
||||||
|
@ -132,10 +131,7 @@ void DL_WriterA::dxfInt(int gc, int value) const
|
||||||
void DL_WriterA::dxfHex(int gc, int value) const
|
void DL_WriterA::dxfHex(int gc, int value) const
|
||||||
{
|
{
|
||||||
char str[12];
|
char str[12];
|
||||||
QT_WARNING_PUSH
|
snprintf(str, sizeof(str), "%0X", value);
|
||||||
QT_WARNING_DISABLE_MSVC(4996)
|
|
||||||
sprintf(str, "%0X", value);
|
|
||||||
QT_WARNING_POP
|
|
||||||
dxfString(gc, str);
|
dxfString(gc, str);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
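Review bot: The two `snprintf` calls in dxfReal are not checked for truncation: `%.16lf` of a double of large magnitude (up to about 309 integer digits plus the fraction) does not fit the 256-byte `str`, so instead of the old overflow the method now writes a silently cut-off number into the DXF stream. Capture the result and handle the overlong case, e.g. `const int n = snprintf(str, sizeof(str), "%.16lf", value);` followed by `if (n < 0 || n >= static_cast<int>(sizeof(str))) { /* report, or fall back to a wider buffer */ }`, or size `str` for the worst case. In dxfHex, `char str[12]` is enough for the 8 hex digits of a 32-bit `int`, but `%X` with a signed `int` argument is formally a mismatched conversion; `snprintf(str, sizeof(str), "%X", static_cast<unsigned>(value));` says what is meant. Dropping the MSVC 4996 suppression is fine only where a C99 `snprintf` is available (MSVC 2015 and later); if an older MSVC is still a target this would need checking.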
143
src/libs/vdxf/dxflib/strlcpy.h
Normal file
143
src/libs/vdxf/dxflib/strlcpy.h
Normal file
|
@ -0,0 +1,143 @@
|
||||||
|
/************************************************************************
|
||||||
|
**
|
||||||
|
** @file strlcpy.h
|
||||||
|
** @author Roman Telezhynskyi <dismine(at)gmail.com>
|
||||||
|
** @date December 20, 2016
|
||||||
|
**
|
||||||
|
** @brief
|
||||||
|
** @copyright
|
||||||
|
** This source code is part of the Valentine project, a pattern making
|
||||||
|
** program, whose allow create and modeling patterns of clothing.
|
||||||
|
** Copyright (C) 2013-2016 Valentina project
|
||||||
|
** <https://bitbucket.org/dismine/valentina> All Rights Reserved.
|
||||||
|
**
|
||||||
|
** Valentina is free software: you can redistribute it and/or modify
|
||||||
|
** it under the terms of the GNU General Public License as published by
|
||||||
|
** the Free Software Foundation, either version 3 of the License, or
|
||||||
|
** (at your option) any later version.
|
||||||
|
**
|
||||||
|
** Valentina is distributed in the hope that it will be useful,
|
||||||
|
** but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
** GNU General Public License for more details.
|
||||||
|
**
|
||||||
|
** You should have received a copy of the GNU General Public License
|
||||||
|
** along with Valentina. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
**
|
||||||
|
*************************************************************************/
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Copyright (c) 1998 Todd C. Miller <Todd.Miller@courtesan.com>
|
||||||
|
* All rights reserved.
|
||||||
|
*
|
||||||
|
* Redistribution and use in source and binary forms, with or without
|
||||||
|
* modification, are permitted provided that the following conditions
|
||||||
|
* are met:
|
||||||
|
* 1. Redistributions of source code must retain the above copyright
|
||||||
|
* notice, this list of conditions and the following disclaimer.
|
||||||
|
* 2. Redistributions in binary form must reproduce the above copyright
|
||||||
|
* notice, this list of conditions and the following disclaimer in the
|
||||||
|
* documentation and/or other materials provided with the distribution.
|
||||||
|
* 3. The name of the author may not be used to endorse or promote products
|
||||||
|
* derived from this software without specific prior written permission.
|
||||||
|
*
|
||||||
|
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
|
||||||
|
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
|
||||||
|
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
|
||||||
|
* THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
|
||||||
|
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
||||||
|
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
|
||||||
|
* OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
|
||||||
|
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
|
||||||
|
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
|
||||||
|
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
|
*/
|
||||||
|
|
||||||
|
#ifndef VALENTINA_STRLCPY_H
|
||||||
|
#define VALENTINA_STRLCPY_H
|
||||||
|
|
||||||
|
/* This function comes from BSD */
|
||||||
|
#if !defined(__FreeBSD__) && !defined(__OpenBSD__) && !defined(__NetBSD__) && \
|
||||||
|
!defined(__bsdi__) && !defined(__APPLE__)
|
||||||
|
#include <sys/types.h>
|
||||||
|
#include <string.h>
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Copy src to string dst of size siz. At most siz-1 characters
|
||||||
|
* will be copied. Always NUL terminates (unless siz == 0).
|
||||||
|
* Returns strlen(src); if retval >= siz, truncation occurred.
|
||||||
|
*/
|
||||||
|
inline size_t strlcpy(char *dst, const char *src, size_t siz)
|
||||||
|
{
|
||||||
|
char *d = dst;
|
||||||
|
const char *s = src;
|
||||||
|
size_t n = siz;
|
||||||
|
|
||||||
|
/* Copy as many bytes as will fit */
|
||||||
|
if (n != 0)
|
||||||
|
{
|
||||||
|
while (--n != 0)
|
||||||
|
{
|
||||||
|
if ((*d++ = *s++) == '\0')
|
||||||
|
{
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Not enough room in dst, add NUL and traverse rest of src */
|
||||||
|
if (n == 0)
|
||||||
|
{
|
||||||
|
if (siz != 0)
|
||||||
|
{
|
||||||
|
*d = '\0'; /* NUL-terminate dst */
|
||||||
|
}
|
||||||
|
while (*s++)
|
||||||
|
;
|
||||||
|
}
|
||||||
|
|
||||||
|
return(s - src - 1); /* count does not include NUL */
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Appends src to string dst of size siz (unlike strncat, siz is the
|
||||||
|
* full size of dst, not space left). At most siz-1 characters
|
||||||
|
* will be copied. Always NUL terminates (unless siz <= strlen(dst)).
|
||||||
|
* Returns strlen(src) + MIN(siz, strlen(initial dst)).
|
||||||
|
* If retval >= siz, truncation occurred.
|
||||||
|
*/
|
||||||
|
inline size_t strlcat(char *dst, const char *src, size_t siz)
|
||||||
|
{
|
||||||
|
char *d = dst;
|
||||||
|
const char *s = src;
|
||||||
|
size_t n = siz;
|
||||||
|
size_t dlen;
|
||||||
|
|
||||||
|
/* Find the end of dst and adjust bytes left but don't go past end */
|
||||||
|
while (n-- != 0 && *d != '\0')
|
||||||
|
{
|
||||||
|
d++;
|
||||||
|
}
|
||||||
|
dlen = d - dst;
|
||||||
|
n = siz - dlen;
|
||||||
|
|
||||||
|
if (n == 0)
|
||||||
|
{
|
||||||
|
return(dlen + strlen(s));
|
||||||
|
}
|
||||||
|
while (*s != '\0')
|
||||||
|
{
|
||||||
|
if (n != 1)
|
||||||
|
{
|
||||||
|
*d++ = *s;
|
||||||
|
n--;
|
||||||
|
}
|
||||||
|
s++;
|
||||||
|
}
|
||||||
|
*d = '\0';
|
||||||
|
|
||||||
|
return(dlen + (s - src)); /* count does not include NUL */
|
||||||
|
}
|
||||||
|
|
||||||
|
#endif /* ! __*BSD__ */
|
||||||
|
#endif // VALENTINA_STRLCPY_H
|
|
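Review bot: The `#if !defined(__FreeBSD__) ...` guard selects by operating system, but whether `strlcpy`/`strlcat` already exist is a property of the C library; glibc 2.38 and later declare both in `<string.h>`, and since this header includes `<string.h>` first, the `inline` definitions here would likely clash with those declarations on such toolchains, and BSD-derived libcs not in the list are also missed. A feature check (`HAVE_STRLCPY` from the build system, or a configure probe) or a project-prefixed name such as `vd_strlcpy` avoids both problems. The doc comment on `strlcpy` is accurate; add the call-site caveat the rest of this commit trips over: `/* siz is the size of the dst buffer itself, never sizeof() of a char* pointer */`.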
@ -24,4 +24,5 @@ HEADERS += \
|
||||||
$$PWD/dxflib/dl_writer_ascii.h \
|
$$PWD/dxflib/dl_writer_ascii.h \
|
||||||
$$PWD/vdxfengine.h \
|
$$PWD/vdxfengine.h \
|
||||||
$$PWD/vdxfpaintdevice.h \
|
$$PWD/vdxfpaintdevice.h \
|
||||||
$$PWD/dxfdef.h
|
$$PWD/dxfdef.h \
|
||||||
|
$$PWD/dxflib/strlcpy.h
|
||||||
|
|