summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGravatar Dirk Hohndel <dirk@hohndel.org>2015-10-01 21:49:00 -0400
committerGravatar Dirk Hohndel <dirk@hohndel.org>2015-10-01 22:02:01 -0400
commitdf51171352cb615cfa792ece05554afa212a3cbc (patch)
treed3e62f130c6a2994051bc0c5f38289f1c0e4286f
parentdd58402ef35ef8971920810768b87717c2a2169d (diff)
downloadsubsurface-df51171352cb615cfa792ece05554afa212a3cbc.tar.gz
Avoid possible NULL pointer dereference
This makes the code more robust in case the Uemis returns random or non-sensical data. It's unlikely the user has a billion dives or that the Uemis returns such a number. That's no reason not to handle this case without crashing. Coverity CID 1325289 Signed-off-by: Dirk Hohndel <dirk@hohndel.org>
-rw-r--r--uemis-downloader.c12
1 files changed, 9 insertions, 3 deletions
diff --git a/uemis-downloader.c b/uemis-downloader.c
index af0d6ced1..b79890599 100644
--- a/uemis-downloader.c
+++ b/uemis-downloader.c
@@ -840,11 +840,17 @@ static bool process_raw_buffer(device_data_t *devdata, uint32_t deviceid, char *
* at the time it's being read the *dive varible is not set because
* the dive_no tag comes before the object_id in the uemis ans file
*/
+ dive_no[0] = '\0';
char *dive_no_buf = strdup(inbuf);
char *dive_no_ptr = strstr(dive_no_buf, "dive_no{int{") + 12;
- char *dive_no_end = strstr(dive_no_ptr, "{");
- *dive_no_end = 0;
- strcpy(dive_no, dive_no_ptr);
+ if (dive_no_ptr) {
+ char *dive_no_end = strstr(dive_no_ptr, "{");
+ if (dive_no_end) {
+ *dive_no_end = '\0';
+ strncpy(dive_no, dive_no_ptr, 9);
+ dive_no[9] = '\0';
+ }
+ }
free(dive_no_buf);
}
while (!done) {