authorGravatar Dirk Hohndel <dirk@hohndel.org>2012-12-05 13:43:36 -0800
committerGravatar Dirk Hohndel <dirk@hohndel.org>2012-12-05 13:43:36 -0800
commitafb53e387b53e482df25889608a8777fbc9ad0ae (patch)
tree77fa5459938cc8464b1b0f442f1a715e11c7dcf8
parent240442cec95df282c9e6db2314c66380314b85fc (diff)
downloadsubsurface-afb53e387b53e482df25889608a8777fbc9ad0ae.tar.gz
Fix retrieval of object_id value in Uemis downloader
The existing code could read past the end of the buffer that was handed to it. Signed-off-by: Dirk Hohndel <dirk@hohndel.org>
-rw-r--r--uemis-downloader.c20
1 files changed, 15 insertions, 5 deletions
diff --git a/uemis-downloader.c b/uemis-downloader.c
index abd131a07..722b4ea08 100644
--- a/uemis-downloader.c
+++ b/uemis-downloader.c
@@ -322,9 +322,10 @@ static gboolean next_file(int max)
static char *first_object_id_val(char* buf)
{
- char *object;
+ char *object, *bufend;
if (!buf)
return NULL;
+ bufend = buf + strlen(buf);
object = strstr(buf, "object_id");
if (object) {
/* get the value */
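Review bot: `first_object_id_val` has no comment stating its contract, and the signature keeps `char* buf` even though the visible lines only read through it (`strlen`, `strstr`). The function returns `strdup` memory that the caller in `show_progress` releases with `free`, and NULL otherwise, so a header such as `/* returns a malloc'ed copy of the first object_id value in buf, or NULL; caller frees */` would make the ownership explicit. If no line outside this hunk writes through `buf`, `const char *buf` would document that as well. The function body continues beyond this hunk.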
@@ -332,12 +333,18 @@ static char *first_object_id_val(char* buf)
char *p = object + 14;
char *t = tmp;
- if (p < buf + strlen(buf)) {
- while (*p != '{' && t < tmp + 9)
- *t++ = *p++;
+#if UEMIS_DEBUG & 2
+ char debugbuf[50];
+ strncpy(debugbuf, object, 49);
+ debugbuf[49] = '\0';
+ fprintf(debugfile, "buf |%s|\n", debugbuf);
+#endif
+ while (p < bufend && *p != '{' && t < tmp + 9)
+ *t++ = *p++;
+ if (*p == '{') {
*t = '\0';
+ return strdup(tmp);
}
- return strdup(tmp);
}
return NULL;
}
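Review bot: The new `if (*p == '{')` test dereferences `p` without a bounds check, and `p` starts at `object + 14`, which lies beyond `bufend` whenever fewer than 14 bytes follow the start of the `object_id` match. In that case the loop is skipped by `p < bufend`, but the read after it is still out of bounds, so the over-read named in the commit message remains reachable when the buffer ends shortly after the key. Reject the short case before `p` is formed, `if (bufend - object < 14) return NULL;`, and keep the final test inside the buffer with `if (p < bufend && *p == '{')`. The declaration of `tmp` is outside the hunk, so the `tmp + 9` limit presumably relies on it holding at least 10 bytes; a short comment naming the 14-byte offset and the 9-character cap would make both assumptions checkable.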
@@ -350,6 +357,9 @@ static void show_progress(char *buf, char *what)
char *val = first_object_id_val(buf);
if (val) {
/* let the user know what we are working on */
+#if UEMIS_DEBUG & 2
+ fprintf(debugfile,"reading %s %s\n", what, val);
+#endif
uemis_info(_("Reading %s %s"), what, val);
free(val);
}