authorGravatar Anton Lundin <glance@acc.umu.se>2013-12-11 21:21:51 +0100
committerGravatar Dirk Hohndel <dirk@hohndel.org>2013-12-11 22:19:15 +0100
commit78acf20848c071cfd1705cbe3bea1d60373a022a (patch)
tree5294c120ecaa1b29f08925f12637cca24f1670b4
parent160fb321bcf0c41770464d5272ea24f1e01d50dc (diff)
Don't crash on loading tags longer than 127 chars
We didn't enforce a limit on tag length, but we would crash on a tag longer than 127 chars. This uses the xml buffer as scratch space. Don't really know if this is fair, but it looks like it works. Signed-off-by: Anton Lundin <glance@acc.umu.se> Signed-off-by: Dirk Hohndel <dirk@hohndel.org>
-rw-r--r--parse-xml.c12
1 files changed, 5 insertions, 7 deletions
diff --git a/parse-xml.c b/parse-xml.c
index 633b44856..52abf895a 100644
--- a/parse-xml.c
+++ b/parse-xml.c
@@ -218,7 +218,6 @@ enum ParseState {FINDSTART, FINDEND};
static void divetags(char *buffer, void *_tags)
{
struct tag_entry *tags = _tags;
- char tag[128];
int i = 0, start = 0, end = 0;
enum ParseState state = FINDEND;
i=0;
@@ -230,10 +229,9 @@ static void divetags(char *buffer, void *_tags)
/* Found end of tag */
if (i > 1) {
if(buffer[i-1] != '\\') {
- strncpy(tag, buffer+start, end-start+1);
- tag[end-start+1] = '\0';
+ buffer[end-start+1] = '\0';
state=FINDSTART;
- taglist_add_tag(tags, tag);
+ taglist_add_tag(tags, buffer+start);
}
} else {
state=FINDSTART;
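Review bot: The added `buffer[end-start+1] = '\0';` keeps the offset that was right for the removed `tag` copy, but the string passed to `taglist_add_tag` now begins at `buffer+start`, so for any tag with `start > 0` the NUL lands at an earlier position than the tag's end. The write stays inside the buffer (the index never exceeds `end+1`), so this is a parsing defect rather than the stack overflow the commit removes; the likely results are a clipped earlier part of the input and a tag that runs on to the next NUL. The line should read `buffer[end+1] = '\0';`, and the identical line in the last hunk needs the same change. The enclosing loop is outside this hunk, so check there whether the scan tolerates a NUL written into the buffer it is still walking.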
@@ -256,9 +254,9 @@ static void divetags(char *buffer, void *_tags)
if (end < start)
end = strlen(buffer)-1;
if (strlen(buffer) > 0) {
- strncpy(tag, buffer+start, end-start+1);
- tag[end-start+1] = '\0';
- taglist_add_tag(tags, tag);
+ buffer[end-start+1] = '\0';
+ state=FINDSTART;
+ taglist_add_tag(tags, buffer+start);
}
}
}
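Review bot: `strlen(buffer)` in `end = strlen(buffer)-1;` and `if (strlen(buffer) > 0)` is now evaluated after the earlier branch may have written a NUL into the same buffer, so it can measure a shortened string rather than the original tag list. Capturing the length once before the scan, e.g. `size_t len = strlen(buffer);`, and using `len` here (and in the loop bound, which is outside the hunk and presumably also length-based) would keep trailing tags from being dropped. Since the function now modifies its input, a comment above it such as `/* NOTE: splits buffer in place; the caller's string is modified */` would settle the doubt the commit message raises. The added `state=FINDSTART;` looks like it has no reader after this point, judging by the closing braces that follow.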