Please review the attached patch. It fixes a potential issue, where first
strncpy is called, copying data from one buffer to another:
line 133: strncpy(uch, buffptr + 1, kBoxReadBufSize);
In case buffptr is not NULL-terminated, the destination buffer 'uch' is also
not NULL-terminated. After this the function chomp_string() is called
(ccutil/helpers.h):
line 32 inline void chomp_string(char *str) {
line 33 int last_index = strlen(str) - 1;
...
In this function strlen() is called on buffer 'uch'. Strlen determines its
length by searching for a terminating null-character.
The attached patch fixes this issue by adding a '\0' at the end of the
character array.
Best regards and many thanks
Martin
Reference:
- http://www.cplusplus.com/reference/cstring/strncpy/
- http://www.cplusplus.com/reference/cstring/strlen/
Original issue reported on code.google.com by ettl.mar...@gmail.com on 1 Feb 2014 at 11:44
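
The failure mode described in the report, next to the kind of fix it proposes, as an added example that is not part of the original report, the attached patch, or the project's code. kDemoBufSize, is_terminated, chomp_demo and the copy_* helpers are hypothetical stand-ins, and the input strings are constructed.

```c
#include <stdio.h>
#include <string.h>

enum { kDemoBufSize = 8 };  /* hypothetical size, stands in for kBoxReadBufSize */

/* Returns 1 if buf holds a NUL within its first n bytes, i.e. strlen() is safe. */
static int is_terminated(const char *buf, size_t n) {
    return memchr(buf, '\0', n) != NULL;
}

/* Stand-in for chomp_string(): strip trailing newline characters.
   The len > 0 check avoids indexing at -1 for an empty string. */
static void chomp_demo(char *str) {
    size_t len = strlen(str);
    while (len > 0 && (str[len - 1] == '\n' || str[len - 1] == '\r'))
        str[--len] = '\0';
}

/* Pattern from the report: strncpy with the full buffer size, no terminator.
   Returns whether dst is NUL-terminated afterwards. */
static int copy_unpatched(char dst[kDemoBufSize], const char *src) {
    memset(dst, 'X', kDemoBufSize);          /* simulate stale stack contents */
    strncpy(dst, src, kDemoBufSize);
    return is_terminated(dst, kDemoBufSize);
}

/* Patched pattern: force a terminator into the last byte before strlen() runs. */
static int copy_patched(char dst[kDemoBufSize], const char *src) {
    memset(dst, 'X', kDemoBufSize);
    strncpy(dst, src, kDemoBufSize);
    dst[kDemoBufSize - 1] = '\0';
    chomp_demo(dst);                         /* strlen() now stops inside dst */
    return is_terminated(dst, kDemoBufSize);
}

int main(void) {
    char buf[kDemoBufSize];
    const char *too_long = "ABCDEFGHIJ\n";   /* constructed input, >= buffer size */
    printf("unpatched, short input: %d\n", copy_unpatched(buf, "abc\n"));
    printf("unpatched, long input:  %d\n", copy_unpatched(buf, too_long));
    printf("patched,   long input:  %d (\"%s\")\n", copy_patched(buf, too_long), buf);
    return 0;
}
```

The unpatched copy is only checked with memchr() bounded to the buffer, so the demonstration itself never reads past the array.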