summaryrefslogtreecommitdiff
authorerik <erik>2007-01-26 20:26:25 (UTC)
committer erik <erik>2007-01-26 20:26:25 (UTC)
commit4688f98202f590ec6af6c2e66a49dd2f80536083 (patch) (unidiff)
tree326c92aef3382b804d51aa9a66f4148ebc91860b
parentcc5b326a212414a612838b0041e6077477ebbc70 (diff)
downloadopie-4688f98202f590ec6af6c2e66a49dd2f80536083.zip
opie-4688f98202f590ec6af6c2e66a49dd2f80536083.tar.gz
opie-4688f98202f590ec6af6c2e66a49dd2f80536083.tar.bz2
The Expand call does not check for null termination of the URL strings
that it is expanding. Since strlen() is used with the URLs after Expand is used, it is good idea to make sure that Expand terminates the strings. This commit changes that so that the URL strings are guaranteed to be terminated after expansion.
Diffstat (more/less context) (ignore whitespace changes)
-rw-r--r--noncore/apps/opie-reader/plucker_base.cpp6
1 files changed, 4 insertions, 2 deletions
diff --git a/noncore/apps/opie-reader/plucker_base.cpp b/noncore/apps/opie-reader/plucker_base.cpp
index 81614f5..849edfc 100644
--- a/noncore/apps/opie-reader/plucker_base.cpp
+++ b/noncore/apps/opie-reader/plucker_base.cpp
@@ -35,41 +35,43 @@ CPlucker_base::CPlucker_base() :
35 compressedtextbuffer(NULL), 35 compressedtextbuffer(NULL),
36 bufferrec(-1), 36 bufferrec(-1),
37 m_offset(0) 37 m_offset(0)
38 //, urls(NULL) 38 //, urls(NULL)
39{ /*printf("constructing:%x\n",fin);*/ } 39{ /*printf("constructing:%x\n",fin);*/ }
40 40
41 41
42void CPlucker_base::Expand(UInt32 reclen, UInt8 type, UInt8* buffer, UInt32 buffersize) 42void CPlucker_base::Expand(UInt32 reclen, UInt8 type, UInt8* buffer, UInt32 buffersize)
43{ 43{
44unsuspend(); 44unsuspend();
45 if ((type%2 == 0) && (type != 14)) 45 if ((type%2 == 0) && (type != 14))
46 { 46 {
47 fread(buffer, reclen, sizeof(char), fin); 47 size_t bytes_read = fread(buffer, reclen, sizeof(char), fin);
48 buffer[bytes_read] = '\0';
48 } 49 }
49 else 50 else
50 { 51 {
51 UInt8* readbuffer = NULL; 52 UInt8* readbuffer = NULL;
52 if (reclen > compressedbuffersize) 53 if (reclen > compressedbuffersize)
53 { 54 {
54 readbuffer = new UInt8[reclen]; 55 readbuffer = new UInt8[reclen];
55 } 56 }
56 else 57 else
57 { 58 {
58 readbuffer = compressedtextbuffer; 59 readbuffer = compressedtextbuffer;
59 } 60 }
60 if (readbuffer != NULL) 61 if (readbuffer != NULL)
61 { 62 {
62 fread(readbuffer, reclen, sizeof(char), fin); 63 fread(readbuffer, reclen, sizeof(char), fin);
63 (*m_decompress)(readbuffer, reclen, buffer, buffersize); 64 size_t bytes_read = (*m_decompress)(readbuffer, reclen, buffer, buffersize);
65 buffer[bytes_read] = '\0';
64 if (reclen > compressedbuffersize) 66 if (reclen > compressedbuffersize)
65 { 67 {
66 delete [] readbuffer; 68 delete [] readbuffer;
67 } 69 }
68 } 70 }
69 } 71 }
70} 72}
71 73
72void CPlucker_base::sizes(unsigned long& _file, unsigned long& _text) 74void CPlucker_base::sizes(unsigned long& _file, unsigned long& _text)
73{ 75{
74 _file = file_length; 76 _file = file_length;
75 if (textlength == 0) 77 if (textlength == 0)