summaryrefslogtreecommitdiff
authorerik <erik>2007-01-26 20:26:25 (UTC)
committer erik <erik>2007-01-26 20:26:25 (UTC)
commit4688f98202f590ec6af6c2e66a49dd2f80536083 (patch) (unidiff)
tree326c92aef3382b804d51aa9a66f4148ebc91860b
parentcc5b326a212414a612838b0041e6077477ebbc70 (diff)
downloadopie-4688f98202f590ec6af6c2e66a49dd2f80536083.zip
opie-4688f98202f590ec6af6c2e66a49dd2f80536083.tar.gz
opie-4688f98202f590ec6af6c2e66a49dd2f80536083.tar.bz2
The Expand call does not check for null termination of the URL strings
that it is expanding. Since strlen() is used with the URLs after Expand is used, it is good idea to make sure that Expand terminates the strings. This commit changes that so that the URL strings are guaranteed to be terminated after expansion.
Diffstat (more/less context) (ignore whitespace changes)
-rw-r--r--noncore/apps/opie-reader/plucker_base.cpp6
1 files changed, 4 insertions, 2 deletions
diff --git a/noncore/apps/opie-reader/plucker_base.cpp b/noncore/apps/opie-reader/plucker_base.cpp
index 81614f5..849edfc 100644
--- a/noncore/apps/opie-reader/plucker_base.cpp
+++ b/noncore/apps/opie-reader/plucker_base.cpp
@@ -1,319 +1,321 @@
1#include <stdio.h> 1#include <stdio.h>
2#include <string.h> 2#include <string.h>
3#include <qmessagebox.h> 3#include <qmessagebox.h>
4#include <qpixmap.h> 4#include <qpixmap.h>
5#ifdef USEQPE 5#ifdef USEQPE
6#include <qpe/qcopenvelope_qws.h> 6#include <qpe/qcopenvelope_qws.h>
7#endif /* USEQPE */ 7#endif /* USEQPE */
8#ifdef LOCALPICTURES 8#ifdef LOCALPICTURES
9#include <qscrollview.h> 9#include <qscrollview.h>
10#endif 10#endif
11#ifdef USEQPE 11#ifdef USEQPE
12#include <qpe/global.h> 12#include <qpe/global.h>
13#endif /* USEQPE */ 13#endif /* USEQPE */
14#include <qclipboard.h> 14#include <qclipboard.h>
15#ifndef USEQPE 15#ifndef USEQPE
16#include <qapplication.h> 16#include <qapplication.h>
17#else /* USEQPE */ 17#else /* USEQPE */
18#include <qpe/qpeapplication.h> 18#include <qpe/qpeapplication.h>
19#endif /* USEQPE */ 19#endif /* USEQPE */
20#include <qimage.h> 20#include <qimage.h>
21 21
22#include "plucker_base.h" 22#include "plucker_base.h"
23#include "Aportis.h" 23#include "Aportis.h"
24#include "hrule.h" 24#include "hrule.h"
25#include "decompress.h" 25#include "decompress.h"
26 26
27const UInt8 CPlucker_base::continuation_bit = 1; 27const UInt8 CPlucker_base::continuation_bit = 1;
28 28
29CPlucker_base::CPlucker_base() : 29CPlucker_base::CPlucker_base() :
30#ifdef LOCALPICTURES 30#ifdef LOCALPICTURES
31 m_viewer(NULL), 31 m_viewer(NULL),
32 m_picture(NULL), 32 m_picture(NULL),
33#endif 33#endif
34 expandedtextbuffer(NULL), 34 expandedtextbuffer(NULL),
35 compressedtextbuffer(NULL), 35 compressedtextbuffer(NULL),
36 bufferrec(-1), 36 bufferrec(-1),
37 m_offset(0) 37 m_offset(0)
38 //, urls(NULL) 38 //, urls(NULL)
39{ /*printf("constructing:%x\n",fin);*/ } 39{ /*printf("constructing:%x\n",fin);*/ }
40 40
41 41
42void CPlucker_base::Expand(UInt32 reclen, UInt8 type, UInt8* buffer, UInt32 buffersize) 42void CPlucker_base::Expand(UInt32 reclen, UInt8 type, UInt8* buffer, UInt32 buffersize)
43{ 43{
44unsuspend(); 44unsuspend();
45 if ((type%2 == 0) && (type != 14)) 45 if ((type%2 == 0) && (type != 14))
46 { 46 {
47 fread(buffer, reclen, sizeof(char), fin); 47 size_t bytes_read = fread(buffer, reclen, sizeof(char), fin);
48 buffer[bytes_read] = '\0';
48 } 49 }
49 else 50 else
50 { 51 {
51 UInt8* readbuffer = NULL; 52 UInt8* readbuffer = NULL;
52 if (reclen > compressedbuffersize) 53 if (reclen > compressedbuffersize)
53 { 54 {
54 readbuffer = new UInt8[reclen]; 55 readbuffer = new UInt8[reclen];
55 } 56 }
56 else 57 else
57 { 58 {
58 readbuffer = compressedtextbuffer; 59 readbuffer = compressedtextbuffer;
59 } 60 }
60 if (readbuffer != NULL) 61 if (readbuffer != NULL)
61 { 62 {
62 fread(readbuffer, reclen, sizeof(char), fin); 63 fread(readbuffer, reclen, sizeof(char), fin);
63 (*m_decompress)(readbuffer, reclen, buffer, buffersize); 64 size_t bytes_read = (*m_decompress)(readbuffer, reclen, buffer, buffersize);
65 buffer[bytes_read] = '\0';
64 if (reclen > compressedbuffersize) 66 if (reclen > compressedbuffersize)
65 { 67 {
66 delete [] readbuffer; 68 delete [] readbuffer;
67 } 69 }
68 } 70 }
69 } 71 }
70} 72}
71 73
72void CPlucker_base::sizes(unsigned long& _file, unsigned long& _text) 74void CPlucker_base::sizes(unsigned long& _file, unsigned long& _text)
73{ 75{
74 _file = file_length; 76 _file = file_length;
75 if (textlength == 0) 77 if (textlength == 0)
76 { 78 {
77 for (int recptr = 1; recptr < ntohs(head.recordList.numRecords); recptr++) 79 for (int recptr = 1; recptr < ntohs(head.recordList.numRecords); recptr++)
78 { 80 {
79 gotorecordnumber(recptr); 81 gotorecordnumber(recptr);
80 UInt16 thishdr_uid, thishdr_nParagraphs; 82 UInt16 thishdr_uid, thishdr_nParagraphs;
81 UInt32 thishdr_size; 83 UInt32 thishdr_size;
82 UInt8 thishdr_type, thishdr_reserved; 84 UInt8 thishdr_type, thishdr_reserved;
83 GetHeader(thishdr_uid, thishdr_nParagraphs, thishdr_size, thishdr_type, thishdr_reserved); 85 GetHeader(thishdr_uid, thishdr_nParagraphs, thishdr_size, thishdr_type, thishdr_reserved);
84 if (thishdr_type < 2) textlength += thishdr_size; 86 if (thishdr_type < 2) textlength += thishdr_size;
85 } 87 }
86 } 88 }
87 _text = textlength; 89 _text = textlength;
88 //ntohl(hdr0.size); 90 //ntohl(hdr0.size);
89} 91}
90 92
91char* CPlucker_base::geturl(UInt16 tgt) 93char* CPlucker_base::geturl(UInt16 tgt)
92{ 94{
93 char * pRet = NULL; 95 char * pRet = NULL;
94 gotorecordnumber(0); 96 gotorecordnumber(0);
95 fread(&hdr0, 1, 6, fin); 97 fread(&hdr0, 1, 6, fin);
96 unsigned int nrecs = ntohs(hdr0.nRecords); 98 unsigned int nrecs = ntohs(hdr0.nRecords);
97 //qDebug("Version %u, no. recs %u", ntohs(hdr0.version), nrecs); 99 //qDebug("Version %u, no. recs %u", ntohs(hdr0.version), nrecs);
98 UInt16 urlid = 0; 100 UInt16 urlid = 0;
99 bool urlsfound = false; 101 bool urlsfound = false;
100 char* urls = NULL; 102 char* urls = NULL;
101 size_t urlsize = 0; 103 size_t urlsize = 0;
102 for (unsigned int i = 0; i < nrecs; i++) 104 for (unsigned int i = 0; i < nrecs; i++)
103 { 105 {
104 UInt16 id, name; 106 UInt16 id, name;
105 fread(&name, 1, sizeof(name), fin); 107 fread(&name, 1, sizeof(name), fin);
106 fread(&id, 1, sizeof(id), fin); 108 fread(&id, 1, sizeof(id), fin);
107 //qDebug("N:%d, I:%d", ntohs(name), ntohs(id)); 109 //qDebug("N:%d, I:%d", ntohs(name), ntohs(id));
108 if (ntohs(name) == 2) 110 if (ntohs(name) == 2)
109 { 111 {
110 urlsfound = true; 112 urlsfound = true;
111 urlid = id; 113 urlid = id;
112 //qDebug("Found url index:%d", ntohs(urlid)); 114 //qDebug("Found url index:%d", ntohs(urlid));
113 } 115 }
114 ////qDebug("%x", id); 116 ////qDebug("%x", id);
115 } 117 }
116 if (urlsfound) 118 if (urlsfound)
117 { 119 {
118 unsigned short recptr = finduid(ntohs(urlid)); 120 unsigned short recptr = finduid(ntohs(urlid));
119 if (recptr != 0) 121 if (recptr != 0)
120 { 122 {
121 gotorecordnumber(recptr); 123 gotorecordnumber(recptr);
122 UInt16 thishdr_uid, thishdr_nParagraphs; 124 UInt16 thishdr_uid, thishdr_nParagraphs;
123 UInt32 thishdr_size; 125 UInt32 thishdr_size;
124 UInt8 thishdr_type, thishdr_reserved; 126 UInt8 thishdr_type, thishdr_reserved;
125 GetHeader(thishdr_uid, thishdr_nParagraphs, thishdr_size, thishdr_type, thishdr_reserved); 127 GetHeader(thishdr_uid, thishdr_nParagraphs, thishdr_size, thishdr_type, thishdr_reserved);
126 UInt16 urlctr = 0; 128 UInt16 urlctr = 0;
127 while (1) 129 while (1)
128 { 130 {
129 UInt16 tctr; 131 UInt16 tctr;
130 fread(&tctr, 1, sizeof(tctr), fin); 132 fread(&tctr, 1, sizeof(tctr), fin);
131 fread(&urlid, 1, sizeof(urlid), fin); 133 fread(&urlid, 1, sizeof(urlid), fin);
132 tctr = ntohs(tctr); 134 tctr = ntohs(tctr);
133 //qDebug("tgt:%u urlctr:%u tctr:%u", tgt, urlctr, tctr); 135 //qDebug("tgt:%u urlctr:%u tctr:%u", tgt, urlctr, tctr);
134 if (tctr >= tgt) 136 if (tctr >= tgt)
135 { 137 {
136 break; 138 break;
137 } 139 }
138 urlctr = tctr; 140 urlctr = tctr;
139 } 141 }
140 //qDebug("urls are in %d", ntohs(urlid)); 142 //qDebug("urls are in %d", ntohs(urlid));
141 recptr = finduid(ntohs(urlid)); 143 recptr = finduid(ntohs(urlid));
142 if (recptr != 0) 144 if (recptr != 0)
143 { 145 {
144 UInt32 reclen = recordlength(recptr) - HeaderSize(); 146 UInt32 reclen = recordlength(recptr) - HeaderSize();
145 gotorecordnumber(recptr); 147 gotorecordnumber(recptr);
146 GetHeader(thishdr_uid, thishdr_nParagraphs, thishdr_size, thishdr_type, thishdr_reserved); 148 GetHeader(thishdr_uid, thishdr_nParagraphs, thishdr_size, thishdr_type, thishdr_reserved);
147 //qDebug("Found urls:%x",thishdr_type); 149 //qDebug("Found urls:%x",thishdr_type);
148 urlsize = thishdr_size; 150 urlsize = thishdr_size;
149 urls = new char[urlsize]; 151 urls = new char[urlsize];
150 Expand(reclen, thishdr_type, (UInt8*)urls, urlsize); 152 Expand(reclen, thishdr_type, (UInt8*)urls, urlsize);
151 char* ptr = urls; 153 char* ptr = urls;
152 int rn = urlctr+1; 154 int rn = urlctr+1;
153 while (ptr - urls < urlsize) 155 while (ptr - urls < urlsize)
154 { 156 {
155 if (rn == tgt) 157 if (rn == tgt)
156 { 158 {
157 //qDebug("URL:%s", ptr); 159 //qDebug("URL:%s", ptr);
158 int len = strlen(ptr)+1; 160 int len = strlen(ptr)+1;
159 pRet = new char[len]; 161 pRet = new char[len];
160 memcpy(pRet, ptr, len); 162 memcpy(pRet, ptr, len);
161 break; 163 break;
162 } 164 }
163 ptr += strlen(ptr)+1; 165 ptr += strlen(ptr)+1;
164 rn++; 166 rn++;
165 } 167 }
166 delete [] urls; 168 delete [] urls;
167 } 169 }
168 } 170 }
169 } 171 }
170 else 172 else
171 { 173 {
172 pRet = NULL; 174 pRet = NULL;
173 } 175 }
174 return pRet; 176 return pRet;
175} 177}
176 178
177CPlucker_base::~CPlucker_base() 179CPlucker_base::~CPlucker_base()
178{ 180{
179 if (expandedtextbuffer != NULL) delete [] expandedtextbuffer; 181 if (expandedtextbuffer != NULL) delete [] expandedtextbuffer;
180 if (compressedtextbuffer != NULL) delete [] compressedtextbuffer; 182 if (compressedtextbuffer != NULL) delete [] compressedtextbuffer;
181#ifdef LOCALPICTURES 183#ifdef LOCALPICTURES
182 if (m_viewer != NULL) delete m_viewer; 184 if (m_viewer != NULL) delete m_viewer;
183#endif 185#endif
184} 186}
185 187
186int CPlucker_base::getch() { return getch(false); } 188int CPlucker_base::getch() { return getch(false); }
187 189
188void CPlucker_base::getch(tchar& ch, CStyle& sty, unsigned long& pos) 190void CPlucker_base::getch(tchar& ch, CStyle& sty, unsigned long& pos)
189{ 191{
190 pos = locate(); 192 pos = locate();
191 ch = getch(false); 193 ch = getch(false);
192 sty = mystyle; 194 sty = mystyle;
193} 195}
194 196
195unsigned int CPlucker_base::locate() 197unsigned int CPlucker_base::locate()
196{ 198{
197 return currentpos; 199 return currentpos;
198 /* 200 /*
199 UInt16 thisrec = 1; 201 UInt16 thisrec = 1;
200 unsigned long locpos = 0; 202 unsigned long locpos = 0;
201 gotorecordnumber(thisrec); 203 gotorecordnumber(thisrec);
202 UInt16 thishdr_uid, thishdr_nParagraphs; 204 UInt16 thishdr_uid, thishdr_nParagraphs;
203 UInt32 thishdr_size; 205 UInt32 thishdr_size;
204 UInt8 thishdr_type, thishdr_reserved; 206 UInt8 thishdr_type, thishdr_reserved;
205 while (thisrec < bufferrec) 207 while (thisrec < bufferrec)
206 { 208 {
207 GetHeader(thishdr_uid, thishdr_nParagraphs, thishdr_size, thishdr_type, thishdr_reserved); 209 GetHeader(thishdr_uid, thishdr_nParagraphs, thishdr_size, thishdr_type, thishdr_reserved);
208 if (thishdr_type < 2) locpos += thishdr_size; 210 if (thishdr_type < 2) locpos += thishdr_size;
209 thisrec++; 211 thisrec++;
210 gotorecordnumber(thisrec); 212 gotorecordnumber(thisrec);
211 } 213 }
212 return locpos+bufferpos; 214 return locpos+bufferpos;
213 */ 215 */
214} 216}
215 217
216void CPlucker_base::locate(unsigned int n) 218void CPlucker_base::locate(unsigned int n)
217{ 219{
218 220
219 // clock_t start = clock(); 221 // clock_t start = clock();
220 if (n >= currentpos-bufferpos && n < currentpos - bufferpos + buffercontent) 222 if (n >= currentpos-bufferpos && n < currentpos - bufferpos + buffercontent)
221 { 223 {
222 currentpos -= bufferpos; 224 currentpos -= bufferpos;
223 expand(bufferrec); 225 expand(bufferrec);
224 while (currentpos < n && bufferpos < buffercontent) getch_base(true); 226 while (currentpos < n && bufferpos < buffercontent) getch_base(true);
225 return; 227 return;
226 } 228 }
227 /* 229 /*
228 230
229 UInt32 textlength = currentpos - bufferpos; 231 UInt32 textlength = currentpos - bufferpos;
230 UInt16 recptr = bufferrec; 232 UInt16 recptr = bufferrec;
231 if (n < textlength/2) 233 if (n < textlength/2)
232 { 234 {
233 textlength = 0; 235 textlength = 0;
234 UInt16 thishdr_uid, thishdr_nParagraphs; 236 UInt16 thishdr_uid, thishdr_nParagraphs;
235 UInt32 thishdr_size = buffercontent; 237 UInt32 thishdr_size = buffercontent;
236 UInt8 thishdr_type, thishdr_reserved; 238 UInt8 thishdr_type, thishdr_reserved;
237 for (recptr = 1; recptr < ntohs(head.recordList.numRecords); recptr++) 239 for (recptr = 1; recptr < ntohs(head.recordList.numRecords); recptr++)
238 { 240 {
239 gotorecordnumber(recptr); 241 gotorecordnumber(recptr);
240 GetHeader(thishdr_uid, thishdr_nParagraphs, thishdr_size, thishdr_type, thishdr_reserved); 242 GetHeader(thishdr_uid, thishdr_nParagraphs, thishdr_size, thishdr_type, thishdr_reserved);
241 if (thishdr_type < 2) 243 if (thishdr_type < 2)
242 { 244 {
243 textlength += thishdr_size; 245 textlength += thishdr_size;
244 if (textlength > n) 246 if (textlength > n)
245 { 247 {
246 textlength -= thishdr_size; 248 textlength -= thishdr_size;
247 break; 249 break;
248 } 250 }
249 } 251 }
250 } 252 }
251 } 253 }
252 else if (n < textlength) 254 else if (n < textlength)
253 { 255 {
254 UInt16 thishdr_uid, thishdr_nParagraphs; 256 UInt16 thishdr_uid, thishdr_nParagraphs;
255 UInt32 thishdr_size; 257 UInt32 thishdr_size;
256 UInt8 thishdr_type, thishdr_reserved; 258 UInt8 thishdr_type, thishdr_reserved;
257 while (n < textlength && recptr > 1) 259 while (n < textlength && recptr > 1)
258 { 260 {
259 recptr--; 261 recptr--;
260 gotorecordnumber(recptr); 262 gotorecordnumber(recptr);
261 //qDebug("recptr:%u", recptr); 263 //qDebug("recptr:%u", recptr);
262 GetHeader(thishdr_uid, thishdr_nParagraphs, thishdr_size, thishdr_type, thishdr_reserved); 264 GetHeader(thishdr_uid, thishdr_nParagraphs, thishdr_size, thishdr_type, thishdr_reserved);
263 if (thishdr_type < 2) 265 if (thishdr_type < 2)
264 { 266 {
265 textlength -= thishdr_size; 267 textlength -= thishdr_size;
266 } 268 }
267 } 269 }
268 } 270 }
269 else 271 else
270 { 272 {
271 UInt16 thishdr_uid, thishdr_nParagraphs; 273 UInt16 thishdr_uid, thishdr_nParagraphs;
272 UInt32 thishdr_size = buffercontent; 274 UInt32 thishdr_size = buffercontent;
273 UInt8 thishdr_type, thishdr_reserved; 275 UInt8 thishdr_type, thishdr_reserved;
274 while (n > textlength + thishdr_size && recptr < ntohs(head.recordList.numRecords)-1) 276 while (n > textlength + thishdr_size && recptr < ntohs(head.recordList.numRecords)-1)
275 { 277 {
276 textlength += thishdr_size; 278 textlength += thishdr_size;
277 recptr++; 279 recptr++;
278 gotorecordnumber(recptr); 280 gotorecordnumber(recptr);
279 GetHeader(thishdr_uid, thishdr_nParagraphs, thishdr_size, thishdr_type, thishdr_reserved); 281 GetHeader(thishdr_uid, thishdr_nParagraphs, thishdr_size, thishdr_type, thishdr_reserved);
280 if (!(thishdr_type < 2)) 282 if (!(thishdr_type < 2))
281 { 283 {
282 thishdr_size = 0; 284 thishdr_size = 0;
283 } 285 }
284 } 286 }
285 } 287 }
286 288
287 */ 289 */
288 UInt16 thisrec = 0; 290 UInt16 thisrec = 0;
289 unsigned long locpos = 0; 291 unsigned long locpos = 0;
290 unsigned long bs = 0; 292 unsigned long bs = 0;
291 unsigned int np1 = n+1; 293 unsigned int np1 = n+1;
292 UInt16 thishdr_uid, thishdr_nParagraphs; 294 UInt16 thishdr_uid, thishdr_nParagraphs;
293 UInt32 thishdr_size; 295 UInt32 thishdr_size;
294 UInt8 thishdr_type, thishdr_reserved; 296 UInt8 thishdr_type, thishdr_reserved;
295 do 297 do
296 { 298 {
297 thisrec++; 299 thisrec++;
298 locpos += bs; 300 locpos += bs;
299 gotorecordnumber(thisrec); 301 gotorecordnumber(thisrec);
300 GetHeader(thishdr_uid, thishdr_nParagraphs, thishdr_size, thishdr_type, thishdr_reserved); 302 GetHeader(thishdr_uid, thishdr_nParagraphs, thishdr_size, thishdr_type, thishdr_reserved);
301 if (thishdr_type < 2) 303 if (thishdr_type < 2)
302 { 304 {
303 bs = thishdr_size; 305 bs = thishdr_size;
304 } 306 }
305 else 307 else
306 { 308 {
307 bs = 0; 309 bs = 0;
308 } 310 }
309 } while (locpos + bs < np1); 311 } while (locpos + bs < np1);
310 312
311 // qDebug("Time(2): %u", clock()-start); 313 // qDebug("Time(2): %u", clock()-start);
312 /* 314 /*
313 if (recptr != thisrec) 315 if (recptr != thisrec)
314 { 316 {
315 qDebug("Disaster:recptr:%u thisrec:%u", recptr, thisrec); 317 qDebug("Disaster:recptr:%u thisrec:%u", recptr, thisrec);
316 UInt16 thishdr_uid, thishdr_nParagraphs; 318 UInt16 thishdr_uid, thishdr_nParagraphs;
317 UInt32 thishdr_size = buffercontent; 319 UInt32 thishdr_size = buffercontent;
318 UInt8 thishdr_type, thishdr_reserved; 320 UInt8 thishdr_type, thishdr_reserved;
319 for (recptr = 1; recptr < ntohs(head.recordList.numRecords); recptr++) 321 for (recptr = 1; recptr < ntohs(head.recordList.numRecords); recptr++)