dmiespdx
commented
7 years ago This problem has been fixed in the latest branch - vsi_3.0
Please use that branch going forward.
Thanks,
Don
On Mon, Jul 10, 2017 at 3:41 PM, INRIX-joel-winarske < notifications@github.com> wrote:
The function vsi_define_signal_name() in vsi.c in incorrectly copying the string. strncpy() does not null terminate. Happy to create a PR for this.
diff --git a/api/vsi.c b/api/vsi.c index e146f82..1a44c61 100644 --- a/api/vsi.c +++ b/api/vsi.c @@ -2141,8 +2141,8 @@ int vsi_define_signal_name ( vsi_handle handle, // TODO: Check for string overflow here! // nameIdDefinition->name = sm_malloc ( strlen(name) + 1 );
strncpy ( nameIdDefinition->name, name, strlen(name) );
nameIdDefinition->name[strlen(name)+1] = 0;
nameIdDefinition->name[0] = '\0';
strncat(nameIdDefinition->name, name, strlen(name) + 1);
// // Go insert the new id/name definition structure into both of the btree
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/GENIVI/vehicle_signal_interface/issues/21, or mute the thread https://github.com/notifications/unsubscribe-auth/AQC0mYOFhCsmU1i3_ZbaEgL9xvrrb1fiks5sMqiDgaJpZM4OTgi_ .
--
Don Mies Senior Systems Architect - Open Source Projects Open Software Technology Center
Email: dmies@jaguarlandrover.com mfeuer@jaguarlandrover.com
M: +1 601-953-3397
Jaguar Land Rover North America, LLC 1419 NW 14th Ave, Portland, OR 97209 Jaguar USA http://www.JaguarUSA.com/index.html | Land Rover USA http://www.LandRoverUSA.com/us/en/lr
Business Details: Jaguar Land Rover Limited Registered Office: Abbey Road, Whitley, Coventry CV3 4LF Registered in England No: 1672070
This e-mail and any attachments contain confidential information for a specific individual and purpose. The information is private and privileged and intended solely for the use of the individual to whom it is addressed. If you are not the intended recipient, please e-mail us immediately. We apologise for any inconvenience caused but you are hereby notified that any disclosure, copying or distribution or the taking of any action in reliance on the information contained herein is strictly prohibited.
This e-mail does not constitute an order for goods or services unless accompanied by an official purchase order.
ghost
The function vsi_define_signal_name() in vsi.c in incorrectly copying the string. strncpy() does not null terminate. Happy to create a PR for this.
diff --git a/api/vsi.c b/api/vsi.c index e146f82..1a44c61 100644 --- a/api/vsi.c +++ b/api/vsi.c @@ -2141,8 +2141,8 @@ int vsi_define_signal_name ( vsi_handle handle, // TODO: Check for string overflow here! // nameIdDefinition->name = sm_malloc ( strlen(name) + 1 );
strncat(nameIdDefinition->name, name, strlen(name) + 1);
// // Go insert the new id/name definition structure into both of the btree