author | erik <erik> | 2007-01-26 20:26:25 (UTC) |
---|---|---|
committer | erik <erik> | 2007-01-26 20:26:25 (UTC) |
commit | 4688f98202f590ec6af6c2e66a49dd2f80536083 (patch) (unidiff) | |
tree | 326c92aef3382b804d51aa9a66f4148ebc91860b | |
parent | cc5b326a212414a612838b0041e6077477ebbc70 (diff) | |
The Expand call does not check for null termination of the URL strings
that it is expanding. Since strlen() is used with the URLs after Expand
is used, it is a good idea to make sure that Expand terminates the strings.
This commit changes that so that the URL strings are guaranteed to be
terminated after expansion.
-rw-r--r-- | noncore/apps/opie-reader/plucker_base.cpp | 6 |
1 files changed, 4 insertions, 2 deletions
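--- a/noncore/apps/opie-reader/plucker_base.cpp
+++ b/noncore/apps/opie-reader/plucker_base.cpp
@@ -1,159 +1,161 @@
 #include <stdio.h>
 #include <string.h>
 #include <qmessagebox.h>
 #include <qpixmap.h>
 #ifdef USEQPE
 #include <qpe/qcopenvelope_qws.h>
 #endif /* USEQPE */
 #ifdef LOCALPICTURES
 #include <qscrollview.h>
 #endif
 #ifdef USEQPE
 #include <qpe/global.h>
 #endif /* USEQPE */
 #include <qclipboard.h>
 #ifndef USEQPE
 #include <qapplication.h>
 #else /* USEQPE */
 #include <qpe/qpeapplication.h>
 #endif /* USEQPE */
 #include <qimage.h>
 
 #include "plucker_base.h"
 #include "Aportis.h"
 #include "hrule.h"
 #include "decompress.h"
 
 const UInt8 CPlucker_base::continuation_bit = 1;
 
 CPlucker_base::CPlucker_base() :
 #ifdef LOCALPICTURES
 m_viewer(NULL),
 m_picture(NULL),
 #endif
 expandedtextbuffer(NULL),
 compressedtextbuffer(NULL),
 bufferrec(-1),
 m_offset(0)
 //, urls(NULL)
 { /*printf("constructing:%x\n",fin);*/ }
 
 
 void CPlucker_base::Expand(UInt32 reclen, UInt8 type, UInt8* buffer, UInt32 buffersize)
 {
 unsuspend();
 if ((type%2 == 0) && (type != 14))
 {
-fread(buffer, reclen, sizeof(char), fin);
+size_t bytes_read = fread(buffer, reclen, sizeof(char), fin);
+buffer[bytes_read] = '\0';
 }
 else
 {
 UInt8* readbuffer = NULL;
 if (reclen > compressedbuffersize)
 {
 readbuffer = new UInt8[reclen];
 }
 else
 {
 readbuffer = compressedtextbuffer;
 }
 if (readbuffer != NULL)
 {
 fread(readbuffer, reclen, sizeof(char), fin);
-(*m_decompress)(readbuffer, reclen, buffer, buffersize);
+size_t bytes_read = (*m_decompress)(readbuffer, reclen, buffer, buffersize);
+buffer[bytes_read] = '\0';
 if (reclen > compressedbuffersize)
 {
 delete [] readbuffer;
 }
 }
 }
 }
 
 void CPlucker_base::sizes(unsigned long& _file, unsigned long& _text)
 {
 _file = file_length;
 if (textlength == 0)
 {
 for (int recptr = 1; recptr < ntohs(head.recordList.numRecords); recptr++)
 {
 gotorecordnumber(recptr);
 UInt16 thishdr_uid, thishdr_nParagraphs;
 UInt32 thishdr_size;
 UInt8 thishdr_type, thishdr_reserved;
 GetHeader(thishdr_uid, thishdr_nParagraphs, thishdr_size, thishdr_type, thishdr_reserved);
 if (thishdr_type < 2) textlength += thishdr_size;
 }
 }
 _text = textlength;
 //ntohl(hdr0.size);
 }
 
 char* CPlucker_base::geturl(UInt16 tgt)
 {
 char * pRet = NULL;
 gotorecordnumber(0);
 fread(&hdr0, 1, 6, fin);
 unsigned int nrecs = ntohs(hdr0.nRecords);
 //qDebug("Version %u, no. recs %u", ntohs(hdr0.version), nrecs);
 UInt16 urlid = 0;
 bool urlsfound = false;
 char* urls = NULL;
 size_t urlsize = 0;
 for (unsigned int i = 0; i < nrecs; i++)
 {
 UInt16 id, name;
 fread(&name, 1, sizeof(name), fin);
 fread(&id, 1, sizeof(id), fin);
 //qDebug("N:%d, I:%d", ntohs(name), ntohs(id));
 if (ntohs(name) == 2)
 {
 urlsfound = true;
 urlid = id;
 //qDebug("Found url index:%d", ntohs(urlid));
 }
 ////qDebug("%x", id);
 }
 if (urlsfound)
 {
 unsigned short recptr = finduid(ntohs(urlid));
 if (recptr != 0)
 {
 gotorecordnumber(recptr);
 UInt16 thishdr_uid, thishdr_nParagraphs;
 UInt32 thishdr_size;
 UInt8 thishdr_type, thishdr_reserved;
 GetHeader(thishdr_uid, thishdr_nParagraphs, thishdr_size, thishdr_type, thishdr_reserved);
 UInt16 urlctr = 0;
 while (1)
 {
 UInt16 tctr;
 fread(&tctr, 1, sizeof(tctr), fin);
 fread(&urlid, 1, sizeof(urlid), fin);
 tctr = ntohs(tctr);
 //qDebug("tgt:%u urlctr:%u tctr:%u", tgt, urlctr, tctr);
 if (tctr >= tgt)
 {
 break;
 }
 urlctr = tctr;
 }
 //qDebug("urls are in %d", ntohs(urlid));
 recptr = finduid(ntohs(urlid));
 if (recptr != 0)
 {
 UInt32 reclen = recordlength(recptr) - HeaderSize();
 gotorecordnumber(recptr);
 GetHeader(thishdr_uid, thishdr_nParagraphs, thishdr_size, thishdr_type, thishdr_reserved);
 //qDebug("Found urls:%x",thishdr_type);
 urlsize = thishdr_size;
 urls = new char[urlsize];
 Expand(reclen, thishdr_type, (UInt8*)urls, urlsize);
 char* ptr = urls;
 int rn = urlctr+1;
 while (ptr - urls < urlsize)
 {
 if (rn == tgt)
 {
 //qDebug("URL:%s", ptr);
 int len = strlen(ptr)+1;
 pRet = new char[len];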
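Review bot: In the uncompressed branch of Expand the terminator lands at index 0 or 1 instead of at the end of the data, because `fread(buffer, reclen, sizeof(char), fin)` passes reclen as the element size and 1 as the count, so its return value is the number of whole items read rather than a byte count. Swapping the arguments to `fread(buffer, sizeof(char), reclen, fin)` fixes the count, but then `buffer[bytes_read] = '\0'` (and the same write after m_decompress) indexes one past the end whenever the data fills the buffer, since geturl allocates `new char[urlsize]` and passes urlsize as buffersize. reclen is also never compared with buffersize before the read, and both values appear to come from record headers in the file, so a malformed document could overrun the buffer. I would bound the read and the terminator write by buffersize and give geturl one spare byte, as below; the return type of m_decompress and Expand's other callers are outside this hunk, and geturl's body continues past it.

```cpp
// uncompressed branch of Expand()
UInt32 want = (reclen < buffersize) ? reclen : buffersize;
size_t bytes_read = fread(buffer, sizeof(char), want, fin);  // size 1, so the return value is a byte count
if (bytes_read < buffersize)
{
    buffer[bytes_read] = '\0';
}
// … unchanged: compressed branch allocates/selects readbuffer and reads the record …
size_t bytes_read = (*m_decompress)(readbuffer, reclen, buffer, buffersize);
if (bytes_read < buffersize)
{
    buffer[bytes_read] = '\0';
}
// … unchanged: readbuffer cleanup, sizes(), start of geturl() …
urls = new char[urlsize + 1];  // spare byte so a record that fills urlsize is still terminated
urls[urlsize] = '\0';
Expand(reclen, thishdr_type, (UInt8*)urls, urlsize);
```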