diff options
author | Dirk Hohndel <dirk@hohndel.org> | 2015-10-01 21:49:00 -0400 |
---|---|---|
committer | Dirk Hohndel <dirk@hohndel.org> | 2015-10-01 22:02:01 -0400 |
commit | df51171352cb615cfa792ece05554afa212a3cbc (patch) | |
tree | d3e62f130c6a2994051bc0c5f38289f1c0e4286f | |
parent | dd58402ef35ef8971920810768b87717c2a2169d (diff) | |
download | subsurface-df51171352cb615cfa792ece05554afa212a3cbc.tar.gz |
Avoid possible NULL pointer dereference
This makes the code more robust in case the Uemis returns random or
non-sensical data. It's unlikely the user has a billion dives or that the
Uemis returns such a number. That's no reason not to handle this case
without crashing.
Coverity CID 1325289
Signed-off-by: Dirk Hohndel <dirk@hohndel.org>
-rw-r--r-- | uemis-downloader.c | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/uemis-downloader.c b/uemis-downloader.c index af0d6ced1..b79890599 100644 --- a/uemis-downloader.c +++ b/uemis-downloader.c @@ -840,11 +840,17 @@ static bool process_raw_buffer(device_data_t *devdata, uint32_t deviceid, char * * at the time it's being read the *dive varible is not set because * the dive_no tag comes before the object_id in the uemis ans file */ + dive_no[0] = '\0'; char *dive_no_buf = strdup(inbuf); char *dive_no_ptr = strstr(dive_no_buf, "dive_no{int{") + 12; - char *dive_no_end = strstr(dive_no_ptr, "{"); - *dive_no_end = 0; - strcpy(dive_no, dive_no_ptr); + if (dive_no_ptr) { + char *dive_no_end = strstr(dive_no_ptr, "{"); + if (dive_no_end) { + *dive_no_end = '\0'; + strncpy(dive_no, dive_no_ptr, 9); + dive_no[9] = '\0'; + } + } free(dive_no_buf); } while (!done) { |