Apache OpenOffice (AOO) Bugzilla – Issue 12411
risky code string [strlen(string) - 1]
Last modified: 2017-05-20 11:30:01 UTC
This construct is used fairly extensively in sal/osl - and some instances of it have shown up on some memory issue debugging runs; it would be worth auditing the following to ensure that no empty strings are getting to this code:

./osl/mac/profile.c:466: if (Line[strlen(Line) - 1] == '\n')
./osl/mac/profile.c:467: Line[strlen(Line) - 1] = '\0';
./osl/mac/profile.c:592: MaxLen = (MaxLen - 1 < strlen(pStr)) ? (MaxLen - 1) : strlen(pStr);
./osl/mac/profile.c:682: (! addSection(pProfile, pProfile->m_NoLines - 1, &pStr[1], strlen(pszSection))))
./osl/os2/profile.c:331: MaxLen = (MaxLen - 1 < strlen(pStr)) ? (MaxLen - 1) : strlen(pStr);
./osl/os2/profile.c:427: (! addSection(pProfile, pProfile->m_NoLines - 1, &pStr[1], strlen(pszSection))))
./osl/os2/profile.c:701: if ((Path[strlen(Path) - 1] != '/') && (Path[strlen(Path) - 1] != '\\'))
./osl/os2/profile.c:720: if ((Path[strlen(Path) - 1] != '/') && (Path[strlen(Path) - 1] != '\\'))
./osl/os2/profile.c:736: if ((Path[strlen(Path) - 1] != '/') && (Path[strlen(Path) - 1] != '\\'))
./osl/os2/profile.c:765: if ( Path[0]!= 0 && (Path[strlen(Path) - 1] != '/') && (Path[strlen(Path) - 1] != '\\'))
./osl/os2/profile.c:1674: if ((Path[strlen(Path) - 1] != '/') && (Path[strlen(Path) - 1] != '\\'))
./osl/os2/profile.c:1767: if ((Path[strlen(Path) - 1] != '/') && (Path[strlen(Path) - 1] != '\\'))
./osl/os2/profile.c:1836: if ((Path[strlen(Path) - 1] != '/') && (Path[strlen(Path) - 1] != '\\'))
./osl/unx/profile.c:624: MaxLen = (MaxLen - 1 < strlen(pStr)) ? (MaxLen - 1) : strlen(pStr);
./osl/unx/profile.c:786: (! addSection(pProfile, pProfile->m_NoLines - 1, &pStr[1], strlen(pszSection))))
./osl/unx/profile.c:1261: if (Home[strlen(Home) - 1] != '/')
./osl/unx/profile.c:1266: if (Config[strlen(Config) - 1] != '/')
./osl/unx/profile.c:1368: if (Path[strlen(Path) - 1] != '/') strcat(Path, "/");
./osl/unx/profile.c:1376: if (Path[strlen(Path) - 1] != '/') strcat(Path, "/");
./osl/unx/profile.c:2651: if (Path[strlen(Path) - 1] != '/')
./osl/unx/profile.c:2744: if (Path[strlen(Path) - 1] != '/')
./osl/unx/profile.c:2783: if (Path[strlen(Path) - 1] != '/')
./osl/w32/profile.c:530: MaxLen = (MaxLen - 1 < strlen(pStr)) ? (MaxLen - 1) : strlen(pStr);
./osl/w32/profile.c:670: (! addSection(pProfile, pProfile->m_NoLines - 1, &pStr[1], strlen(pszSection))))
mh->obr: can you please have a look at that?
Hi Michael, thanks for catching these issues. Unfortunately I won't have time to fix them until 1.1 beta2, so I have to retarget this issue to 2.0 due to a missing 1.1 rc target. The profile code is on the top of the list of deprecated API, and I hope to get completely rid of it until 2.0. But to be on the safe side, we should look at these places for RC.
Forgot to accept this issue.
It doesn't look as if we were allowed to remove this code from libsal for OOo 2.0. RE-targeting to OOo Later.
obr @ hro -> please use the first chance to get rid of this code ..
Accepted
kso->mmeeks: Would you mind submitting a patch for this?
set target 3.x
How do you want to resolve this bug? What do you want to replace the "string [strlen(string) - 1]" code with?
> How do you want to resolve this bug?
In a way that removes the potential crashers here :-)
> What do you want to replace the "string [strlen(string) - 1]" code with?
Well - presumably some lpsz_lastChar(string) macro that does: (strlen (string) < 1 ? '0' : string[strlen(string) - 1]) or somesuch.
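The guard discussed in this thread, written out as an added example that is not part of the original issue or of the OpenOffice code base. The helper names are hypothetical, and leaving an empty path unchanged is an assumption modelled on the Path[0] != 0 check at os2/profile.c:765.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: last character of s, or '\0' when s is empty.
   strlen() returns size_t, so strlen("") - 1 wraps to SIZE_MAX and
   s[strlen(s) - 1] becomes an out-of-bounds read. */
static char last_char(const char *s)
{
    size_t len = strlen(s);
    return len == 0 ? '\0' : s[len - 1];
}

/* Guarded form of the Line[strlen(Line) - 1] == '\n' pattern.
   Returns the length of the string after stripping. */
static size_t strip_trailing_newline(char *line)
{
    size_t len = strlen(line);
    if (len > 0 && line[len - 1] == '\n')
        line[--len] = '\0';
    return len;
}

/* Guarded form of the "append '/' if missing" pattern. cap is the size
   of the buffer in bytes. An empty path is left unchanged (assumption).
   Returns 0 on success, -1 when the separator would not fit. */
static int ensure_trailing_slash(char *path, size_t cap)
{
    size_t len = strlen(path);
    if (len == 0 || path[len - 1] == '/')
        return 0;
    if (len + 2 > cap)          /* need room for '/' and the NUL */
        return -1;
    path[len] = '/';
    path[len + 1] = '\0';
    return 0;
}

int main(void)
{
    char empty[8] = "";         /* constructed input: the case at issue */
    char home[16] = "/home/u";  /* constructed input */
    printf("last_char(\"\") = %d\n", last_char(empty));
    printf("strip -> %zu\n", strip_trailing_newline(empty));
    printf("slash -> %d, \"%s\"\n", ensure_trailing_slash(home, sizeof home), home);
    return 0;
}
```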
Reset assignee to the default "issues@openoffice.apache.org".