summaryrefslogtreecommitdiff
authorerik <erik>2007-01-26 20:26:25 (UTC)
committer erik <erik>2007-01-26 20:26:25 (UTC)
commit4688f98202f590ec6af6c2e66a49dd2f80536083 (patch) (unidiff)
tree326c92aef3382b804d51aa9a66f4148ebc91860b
parentcc5b326a212414a612838b0041e6077477ebbc70 (diff)
downloadopie-4688f98202f590ec6af6c2e66a49dd2f80536083.zip
opie-4688f98202f590ec6af6c2e66a49dd2f80536083.tar.gz
opie-4688f98202f590ec6af6c2e66a49dd2f80536083.tar.bz2
The Expand call does not check for null termination of the URL strings
that it is expanding. Since strlen() is used with the URLs after Expand is used, it is good idea to make sure that Expand terminates the strings. This commit changes that so that the URL strings are guaranteed to be terminated after expansion.
Diffstat (more/less context) (ignore whitespace changes)
-rw-r--r--noncore/apps/opie-reader/plucker_base.cpp6
1 files changed, 4 insertions, 2 deletions
diff --git a/noncore/apps/opie-reader/plucker_base.cpp b/noncore/apps/opie-reader/plucker_base.cpp
index 81614f5..849edfc 100644
--- a/noncore/apps/opie-reader/plucker_base.cpp
+++ b/noncore/apps/opie-reader/plucker_base.cpp
@@ -1,159 +1,161 @@
1#include <stdio.h> 1#include <stdio.h>
2#include <string.h> 2#include <string.h>
3#include <qmessagebox.h> 3#include <qmessagebox.h>
4#include <qpixmap.h> 4#include <qpixmap.h>
5#ifdef USEQPE 5#ifdef USEQPE
6#include <qpe/qcopenvelope_qws.h> 6#include <qpe/qcopenvelope_qws.h>
7#endif /* USEQPE */ 7#endif /* USEQPE */
8#ifdef LOCALPICTURES 8#ifdef LOCALPICTURES
9#include <qscrollview.h> 9#include <qscrollview.h>
10#endif 10#endif
11#ifdef USEQPE 11#ifdef USEQPE
12#include <qpe/global.h> 12#include <qpe/global.h>
13#endif /* USEQPE */ 13#endif /* USEQPE */
14#include <qclipboard.h> 14#include <qclipboard.h>
15#ifndef USEQPE 15#ifndef USEQPE
16#include <qapplication.h> 16#include <qapplication.h>
17#else /* USEQPE */ 17#else /* USEQPE */
18#include <qpe/qpeapplication.h> 18#include <qpe/qpeapplication.h>
19#endif /* USEQPE */ 19#endif /* USEQPE */
20#include <qimage.h> 20#include <qimage.h>
21 21
22#include "plucker_base.h" 22#include "plucker_base.h"
23#include "Aportis.h" 23#include "Aportis.h"
24#include "hrule.h" 24#include "hrule.h"
25#include "decompress.h" 25#include "decompress.h"
26 26
27const UInt8 CPlucker_base::continuation_bit = 1; 27const UInt8 CPlucker_base::continuation_bit = 1;
28 28
29CPlucker_base::CPlucker_base() : 29CPlucker_base::CPlucker_base() :
30#ifdef LOCALPICTURES 30#ifdef LOCALPICTURES
31 m_viewer(NULL), 31 m_viewer(NULL),
32 m_picture(NULL), 32 m_picture(NULL),
33#endif 33#endif
34 expandedtextbuffer(NULL), 34 expandedtextbuffer(NULL),
35 compressedtextbuffer(NULL), 35 compressedtextbuffer(NULL),
36 bufferrec(-1), 36 bufferrec(-1),
37 m_offset(0) 37 m_offset(0)
38 //, urls(NULL) 38 //, urls(NULL)
39{ /*printf("constructing:%x\n",fin);*/ } 39{ /*printf("constructing:%x\n",fin);*/ }
40 40
41 41
42void CPlucker_base::Expand(UInt32 reclen, UInt8 type, UInt8* buffer, UInt32 buffersize) 42void CPlucker_base::Expand(UInt32 reclen, UInt8 type, UInt8* buffer, UInt32 buffersize)
43{ 43{
44unsuspend(); 44unsuspend();
45 if ((type%2 == 0) && (type != 14)) 45 if ((type%2 == 0) && (type != 14))
46 { 46 {
47 fread(buffer, reclen, sizeof(char), fin); 47 size_t bytes_read = fread(buffer, reclen, sizeof(char), fin);
48 buffer[bytes_read] = '\0';
48 } 49 }
49 else 50 else
50 { 51 {
51 UInt8* readbuffer = NULL; 52 UInt8* readbuffer = NULL;
52 if (reclen > compressedbuffersize) 53 if (reclen > compressedbuffersize)
53 { 54 {
54 readbuffer = new UInt8[reclen]; 55 readbuffer = new UInt8[reclen];
55 } 56 }
56 else 57 else
57 { 58 {
58 readbuffer = compressedtextbuffer; 59 readbuffer = compressedtextbuffer;
59 } 60 }
60 if (readbuffer != NULL) 61 if (readbuffer != NULL)
61 { 62 {
62 fread(readbuffer, reclen, sizeof(char), fin); 63 fread(readbuffer, reclen, sizeof(char), fin);
63 (*m_decompress)(readbuffer, reclen, buffer, buffersize); 64 size_t bytes_read = (*m_decompress)(readbuffer, reclen, buffer, buffersize);
65 buffer[bytes_read] = '\0';
64 if (reclen > compressedbuffersize) 66 if (reclen > compressedbuffersize)
65 { 67 {
66 delete [] readbuffer; 68 delete [] readbuffer;
67 } 69 }
68 } 70 }
69 } 71 }
70} 72}
71 73
72void CPlucker_base::sizes(unsigned long& _file, unsigned long& _text) 74void CPlucker_base::sizes(unsigned long& _file, unsigned long& _text)
73{ 75{
74 _file = file_length; 76 _file = file_length;
75 if (textlength == 0) 77 if (textlength == 0)
76 { 78 {
77 for (int recptr = 1; recptr < ntohs(head.recordList.numRecords); recptr++) 79 for (int recptr = 1; recptr < ntohs(head.recordList.numRecords); recptr++)
78 { 80 {
79 gotorecordnumber(recptr); 81 gotorecordnumber(recptr);
80 UInt16 thishdr_uid, thishdr_nParagraphs; 82 UInt16 thishdr_uid, thishdr_nParagraphs;
81 UInt32 thishdr_size; 83 UInt32 thishdr_size;
82 UInt8 thishdr_type, thishdr_reserved; 84 UInt8 thishdr_type, thishdr_reserved;
83 GetHeader(thishdr_uid, thishdr_nParagraphs, thishdr_size, thishdr_type, thishdr_reserved); 85 GetHeader(thishdr_uid, thishdr_nParagraphs, thishdr_size, thishdr_type, thishdr_reserved);
84 if (thishdr_type < 2) textlength += thishdr_size; 86 if (thishdr_type < 2) textlength += thishdr_size;
85 } 87 }
86 } 88 }
87 _text = textlength; 89 _text = textlength;
88 //ntohl(hdr0.size); 90 //ntohl(hdr0.size);
89} 91}
90 92
91char* CPlucker_base::geturl(UInt16 tgt) 93char* CPlucker_base::geturl(UInt16 tgt)
92{ 94{
93 char * pRet = NULL; 95 char * pRet = NULL;
94 gotorecordnumber(0); 96 gotorecordnumber(0);
95 fread(&hdr0, 1, 6, fin); 97 fread(&hdr0, 1, 6, fin);
96 unsigned int nrecs = ntohs(hdr0.nRecords); 98 unsigned int nrecs = ntohs(hdr0.nRecords);
97 //qDebug("Version %u, no. recs %u", ntohs(hdr0.version), nrecs); 99 //qDebug("Version %u, no. recs %u", ntohs(hdr0.version), nrecs);
98 UInt16 urlid = 0; 100 UInt16 urlid = 0;
99 bool urlsfound = false; 101 bool urlsfound = false;
100 char* urls = NULL; 102 char* urls = NULL;
101 size_t urlsize = 0; 103 size_t urlsize = 0;
102 for (unsigned int i = 0; i < nrecs; i++) 104 for (unsigned int i = 0; i < nrecs; i++)
103 { 105 {
104 UInt16 id, name; 106 UInt16 id, name;
105 fread(&name, 1, sizeof(name), fin); 107 fread(&name, 1, sizeof(name), fin);
106 fread(&id, 1, sizeof(id), fin); 108 fread(&id, 1, sizeof(id), fin);
107 //qDebug("N:%d, I:%d", ntohs(name), ntohs(id)); 109 //qDebug("N:%d, I:%d", ntohs(name), ntohs(id));
108 if (ntohs(name) == 2) 110 if (ntohs(name) == 2)
109 { 111 {
110 urlsfound = true; 112 urlsfound = true;
111 urlid = id; 113 urlid = id;
112 //qDebug("Found url index:%d", ntohs(urlid)); 114 //qDebug("Found url index:%d", ntohs(urlid));
113 } 115 }
114 ////qDebug("%x", id); 116 ////qDebug("%x", id);
115 } 117 }
116 if (urlsfound) 118 if (urlsfound)
117 { 119 {
118 unsigned short recptr = finduid(ntohs(urlid)); 120 unsigned short recptr = finduid(ntohs(urlid));
119 if (recptr != 0) 121 if (recptr != 0)
120 { 122 {
121 gotorecordnumber(recptr); 123 gotorecordnumber(recptr);
122 UInt16 thishdr_uid, thishdr_nParagraphs; 124 UInt16 thishdr_uid, thishdr_nParagraphs;
123 UInt32 thishdr_size; 125 UInt32 thishdr_size;
124 UInt8 thishdr_type, thishdr_reserved; 126 UInt8 thishdr_type, thishdr_reserved;
125 GetHeader(thishdr_uid, thishdr_nParagraphs, thishdr_size, thishdr_type, thishdr_reserved); 127 GetHeader(thishdr_uid, thishdr_nParagraphs, thishdr_size, thishdr_type, thishdr_reserved);
126 UInt16 urlctr = 0; 128 UInt16 urlctr = 0;
127 while (1) 129 while (1)
128 { 130 {
129 UInt16 tctr; 131 UInt16 tctr;
130 fread(&tctr, 1, sizeof(tctr), fin); 132 fread(&tctr, 1, sizeof(tctr), fin);
131 fread(&urlid, 1, sizeof(urlid), fin); 133 fread(&urlid, 1, sizeof(urlid), fin);
132 tctr = ntohs(tctr); 134 tctr = ntohs(tctr);
133 //qDebug("tgt:%u urlctr:%u tctr:%u", tgt, urlctr, tctr); 135 //qDebug("tgt:%u urlctr:%u tctr:%u", tgt, urlctr, tctr);
134 if (tctr >= tgt) 136 if (tctr >= tgt)
135 { 137 {
136 break; 138 break;
137 } 139 }
138 urlctr = tctr; 140 urlctr = tctr;
139 } 141 }
140 //qDebug("urls are in %d", ntohs(urlid)); 142 //qDebug("urls are in %d", ntohs(urlid));
141 recptr = finduid(ntohs(urlid)); 143 recptr = finduid(ntohs(urlid));
142 if (recptr != 0) 144 if (recptr != 0)
143 { 145 {
144 UInt32 reclen = recordlength(recptr) - HeaderSize(); 146 UInt32 reclen = recordlength(recptr) - HeaderSize();
145 gotorecordnumber(recptr); 147 gotorecordnumber(recptr);
146 GetHeader(thishdr_uid, thishdr_nParagraphs, thishdr_size, thishdr_type, thishdr_reserved); 148 GetHeader(thishdr_uid, thishdr_nParagraphs, thishdr_size, thishdr_type, thishdr_reserved);
147 //qDebug("Found urls:%x",thishdr_type); 149 //qDebug("Found urls:%x",thishdr_type);
148 urlsize = thishdr_size; 150 urlsize = thishdr_size;
149 urls = new char[urlsize]; 151 urls = new char[urlsize];
150 Expand(reclen, thishdr_type, (UInt8*)urls, urlsize); 152 Expand(reclen, thishdr_type, (UInt8*)urls, urlsize);
151 char* ptr = urls; 153 char* ptr = urls;
152 int rn = urlctr+1; 154 int rn = urlctr+1;
153 while (ptr - urls < urlsize) 155 while (ptr - urls < urlsize)
154 { 156 {
155 if (rn == tgt) 157 if (rn == tgt)
156 { 158 {
157 //qDebug("URL:%s", ptr); 159 //qDebug("URL:%s", ptr);
158 int len = strlen(ptr)+1; 160 int len = strlen(ptr)+1;
159 pRet = new char[len]; 161 pRet = new char[len];