diff options
author | Anton Lundin <glance@acc.umu.se> | 2013-12-11 21:21:51 +0100 |
---|---|---|
committer | Dirk Hohndel <dirk@hohndel.org> | 2013-12-11 22:19:15 +0100 |
commit | 78acf20848c071cfd1705cbe3bea1d60373a022a (patch) | |
tree | 5294c120ecaa1b29f08925f12637cca24f1670b4 | |
parent | 160fb321bcf0c41770464d5272ea24f1e01d50dc (diff) | |
download | subsurface-78acf20848c071cfd1705cbe3bea1d60373a022a.tar.gz |
Don't crash on loading tags longer than 127 chars
We didn't enforce a limit on tag length, but we would crash on a tag
longer than 127 chars.
This uses the xml buffer as scratch space. Don't really know if this is
fair, but it looks like it works.
Signed-off-by: Anton Lundin <glance@acc.umu.se>
Signed-off-by: Dirk Hohndel <dirk@hohndel.org>
-rw-r--r-- | parse-xml.c | 12 |
1 files changed, 5 insertions, 7 deletions
diff --git a/parse-xml.c b/parse-xml.c index 633b44856..52abf895a 100644 --- a/parse-xml.c +++ b/parse-xml.c @@ -218,7 +218,6 @@ enum ParseState {FINDSTART, FINDEND}; static void divetags(char *buffer, void *_tags) { struct tag_entry *tags = _tags; - char tag[128]; int i = 0, start = 0, end = 0; enum ParseState state = FINDEND; i=0; @@ -230,10 +229,9 @@ static void divetags(char *buffer, void *_tags) /* Found end of tag */ if (i > 1) { if(buffer[i-1] != '\\') { - strncpy(tag, buffer+start, end-start+1); - tag[end-start+1] = '\0'; + buffer[end-start+1] = '\0'; state=FINDSTART; - taglist_add_tag(tags, tag); + taglist_add_tag(tags, buffer+start); } } else { state=FINDSTART; @@ -256,9 +254,9 @@ static void divetags(char *buffer, void *_tags) if (end < start) end = strlen(buffer)-1; if (strlen(buffer) > 0) { - strncpy(tag, buffer+start, end-start+1); - tag[end-start+1] = '\0'; - taglist_add_tag(tags, tag); + buffer[end-start+1] = '\0'; + state=FINDSTART; + taglist_add_tag(tags, buffer+start); } } } |