authorerik <erik>2007-01-26 20:26:25 (UTC)
committer erik <erik>2007-01-26 20:26:25 (UTC)
commit4688f98202f590ec6af6c2e66a49dd2f80536083 (patch) (side-by-side diff)
tree326c92aef3382b804d51aa9a66f4148ebc91860b
parentcc5b326a212414a612838b0041e6077477ebbc70 (diff)
The Expand call does not check for null termination of the URL strings
that it is expanding. Since strlen() is used on the URLs after Expand is called, it is a good idea to make sure that Expand terminates the strings. This commit changes Expand so that the URL strings are guaranteed to be terminated after expansion.
Diffstat (more/less context) (show whitespace changes)
-rw-r--r--noncore/apps/opie-reader/plucker_base.cpp6
1 files changed, 4 insertions, 2 deletions
diff --git a/noncore/apps/opie-reader/plucker_base.cpp b/noncore/apps/opie-reader/plucker_base.cpp
index 81614f5..849edfc 100644
--- a/noncore/apps/opie-reader/plucker_base.cpp
+++ b/noncore/apps/opie-reader/plucker_base.cpp
@@ -1,191 +1,193 @@
#include <stdio.h>
#include <string.h>
#include <qmessagebox.h>
#include <qpixmap.h>
#ifdef USEQPE
#include <qpe/qcopenvelope_qws.h>
#endif /* USEQPE */
#ifdef LOCALPICTURES
#include <qscrollview.h>
#endif
#ifdef USEQPE
#include <qpe/global.h>
#endif /* USEQPE */
#include <qclipboard.h>
#ifndef USEQPE
#include <qapplication.h>
#else /* USEQPE */
#include <qpe/qpeapplication.h>
#endif /* USEQPE */
#include <qimage.h>
#include "plucker_base.h"
#include "Aportis.h"
#include "hrule.h"
#include "decompress.h"
const UInt8 CPlucker_base::continuation_bit = 1;
CPlucker_base::CPlucker_base() :
#ifdef LOCALPICTURES
m_viewer(NULL),
m_picture(NULL),
#endif
expandedtextbuffer(NULL),
compressedtextbuffer(NULL),
bufferrec(-1),
m_offset(0)
//, urls(NULL)
{ /*printf("constructing:%x\n",fin);*/ }
void CPlucker_base::Expand(UInt32 reclen, UInt8 type, UInt8* buffer, UInt32 buffersize)
{
unsuspend();
if ((type%2 == 0) && (type != 14))
{
- fread(buffer, reclen, sizeof(char), fin);
+ size_t bytes_read = fread(buffer, reclen, sizeof(char), fin);
+ buffer[bytes_read] = '\0';
}
else
{
UInt8* readbuffer = NULL;
if (reclen > compressedbuffersize)
{
readbuffer = new UInt8[reclen];
}
else
{
readbuffer = compressedtextbuffer;
}
if (readbuffer != NULL)
{
fread(readbuffer, reclen, sizeof(char), fin);
- (*m_decompress)(readbuffer, reclen, buffer, buffersize);
+ size_t bytes_read = (*m_decompress)(readbuffer, reclen, buffer, buffersize);
+ buffer[bytes_read] = '\0';
if (reclen > compressedbuffersize)
{
delete [] readbuffer;
}
}
}
}
void CPlucker_base::sizes(unsigned long& _file, unsigned long& _text)
{
_file = file_length;
if (textlength == 0)
{
for (int recptr = 1; recptr < ntohs(head.recordList.numRecords); recptr++)
{
gotorecordnumber(recptr);
UInt16 thishdr_uid, thishdr_nParagraphs;
UInt32 thishdr_size;
UInt8 thishdr_type, thishdr_reserved;
GetHeader(thishdr_uid, thishdr_nParagraphs, thishdr_size, thishdr_type, thishdr_reserved);
if (thishdr_type < 2) textlength += thishdr_size;
}
}
_text = textlength;
//ntohl(hdr0.size);
}
char* CPlucker_base::geturl(UInt16 tgt)
{
char * pRet = NULL;
gotorecordnumber(0);
fread(&hdr0, 1, 6, fin);
unsigned int nrecs = ntohs(hdr0.nRecords);
//qDebug("Version %u, no. recs %u", ntohs(hdr0.version), nrecs);
UInt16 urlid = 0;
bool urlsfound = false;
char* urls = NULL;
size_t urlsize = 0;
for (unsigned int i = 0; i < nrecs; i++)
{
UInt16 id, name;
fread(&name, 1, sizeof(name), fin);
fread(&id, 1, sizeof(id), fin);
//qDebug("N:%d, I:%d", ntohs(name), ntohs(id));
if (ntohs(name) == 2)
{
urlsfound = true;
urlid = id;
//qDebug("Found url index:%d", ntohs(urlid));
}
// //qDebug("%x", id);
}
if (urlsfound)
{
unsigned short recptr = finduid(ntohs(urlid));
if (recptr != 0)
{
gotorecordnumber(recptr);
UInt16 thishdr_uid, thishdr_nParagraphs;
UInt32 thishdr_size;
UInt8 thishdr_type, thishdr_reserved;
GetHeader(thishdr_uid, thishdr_nParagraphs, thishdr_size, thishdr_type, thishdr_reserved);
UInt16 urlctr = 0;
while (1)
{
UInt16 tctr;
fread(&tctr, 1, sizeof(tctr), fin);
fread(&urlid, 1, sizeof(urlid), fin);
tctr = ntohs(tctr);
//qDebug("tgt:%u urlctr:%u tctr:%u", tgt, urlctr, tctr);
if (tctr >= tgt)
{
break;
}
urlctr = tctr;
}
//qDebug("urls are in %d", ntohs(urlid));
recptr = finduid(ntohs(urlid));
if (recptr != 0)
{
UInt32 reclen = recordlength(recptr) - HeaderSize();
gotorecordnumber(recptr);
GetHeader(thishdr_uid, thishdr_nParagraphs, thishdr_size, thishdr_type, thishdr_reserved);
//qDebug("Found urls:%x",thishdr_type);
urlsize = thishdr_size;
urls = new char[urlsize];
Expand(reclen, thishdr_type, (UInt8*)urls, urlsize);
char* ptr = urls;
int rn = urlctr+1;
while (ptr - urls < urlsize)
{
if (rn == tgt)
{
//qDebug("URL:%s", ptr);
int len = strlen(ptr)+1;
pRet = new char[len];
memcpy(pRet, ptr, len);
break;
}
ptr += strlen(ptr)+1;
rn++;
}
delete [] urls;
}
}
}
else
{
pRet = NULL;
}
return pRet;
}
CPlucker_base::~CPlucker_base()
{
if (expandedtextbuffer != NULL) delete [] expandedtextbuffer;
if (compressedtextbuffer != NULL) delete [] compressedtextbuffer;
#ifdef LOCALPICTURES
if (m_viewer != NULL) delete m_viewer;
#endif
}
int CPlucker_base::getch() { return getch(false); }
void CPlucker_base::getch(tchar& ch, CStyle& sty, unsigned long& pos)
{
pos = locate();
ch = getch(false);