This issue was closed by revision c9b42a87ec01.
Original comment by h.lepp...@gmail.com
on 12 May 2014 at 2:31
I added a few wrappers that automatically calculate the required memory and/or
ensure there is a null terminator.
Note that one part of your description is not accurate, it will *only* not
write a NULL if the string length matches the buffer size exactly. If the
length is longer, it'll error instead. So the chance of this happening is not
as dramatic - unless someone targets it specifically, of course.
Original comment by h.lepp...@gmail.com
on 12 May 2014 at 2:33
I looked at the safeXX functions you added, and I think that they can still
yield non-null terminated strings. In particular, the following example code
gives a non-null terminated string even when using the SafeXX functions you
created.
```c
#include <stdio.h>
#include <windows.h>
int main(void)
{
    const char *str = "asajsfdfja9dsfja9sdfa0s9fdjas0fdajds0fjlkjdsaf";
    wchar_t wstr[4];
    SafeMultiByteToWideChar(CP_UTF8, 0, str, -1, wstr, 2); // the project's wrapper
    printf("%u %u %u %u", wstr[0], wstr[1], wstr[2], wstr[3]);
    // prints 97 115 52428 52428, note that the last character is not 0
}
```
Also, in response to your comment:
> Note that one part of your description is not accurate, it will *only* not
> write a NULL if the string length matches the buffer size exactly. If the
> length is longer, it'll error instead. So the chance of this happening is not
> as dramatic - unless someone targets it specifically, of course.
I believe that what I said was actually correct. In particular, if it were the
case that having a source much longer than the destination results in a
null-terminated string, then the example code above would print 97 115 52428 0
instead of 97 115 52428 52428.
Why not just replace the usages of these functions with the standard C++ string
conversion utilities? They're safe, and a bit cleaner too.
Original comment by johnp...@gmail.com
on 13 May 2014 at 7:15
Well, technically we're both correct. If the input string is far too long,
it'll not write a null terminator, but it'll also return an error code. An
alternative would be that it didn't modify the provided buffer at all (like
many other functions would in an error case), and you still end up with random
non-terminated data (your uninitialized buffer).
In short, one should check the return value for errors! ;)
I've added an additional check in the function which should ensure null
termination now.
PS:
I don't like the C++ functions, they look ugly and clunky.
Original comment by h.lepp...@gmail.com
on 17 May 2014 at 1:09
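An added example in portable C (not code from the project or from either commenter) of the wrapper pattern discussed in this thread: `model_mb_to_wc` is a hypothetical stand-in that reproduces the MultiByteToWideChar behaviour described above for ASCII input (the real function is Windows-only), `safe_to_wide` reserves a slot for the terminator and checks the return value, and `to_wide_alloc` sizes the buffer from a length query. The project's actual `SafeMultiByteToWideChar` signature is not assumed.

```c
#include <stdlib.h>
#include <string.h>
#include <wchar.h>

/* Hypothetical stand-in for MultiByteToWideChar (Windows-only), modelling the
 * behaviour described above for ASCII input: cch == 0 is a size query returning
 * the count needed (terminator included when cb == -1); otherwise it copies what
 * fits, returns 0 if the source does not fit, and writes a terminator only when
 * cb == -1 and there is room for it. */
static int model_mb_to_wc(const char *src, int cb, wchar_t *dst, int cch)
{
    int needed = (cb == -1) ? (int)strlen(src) + 1 : cb;
    if (cch == 0)
        return needed;
    int n = needed <= cch ? needed : cch;         /* partial write on overflow */
    for (int i = 0; i < n; i++)
        dst[i] = (wchar_t)(unsigned char)src[i];
    return needed <= cch ? needed : 0;            /* 0 == ERROR_INSUFFICIENT_BUFFER */
}

/* The "safe" pattern: reserve the last slot for the terminator, check the return
 * value, and never hand back an unterminated buffer.  Returns the number of wide
 * chars written (terminator excluded) or -1 on error. */
static int safe_to_wide(const char *src, int cb, wchar_t *dst, int cch)
{
    if (cch < 2)            /* cch - 1 == 0 would turn the call into a size query */
        return -1;
    int n = model_mb_to_wc(src, cb, dst, cch - 1);
    if (n == 0) {           /* did not fit: fail loudly and leave "" behind */
        dst[0] = L'\0';
        return -1;
    }
    if (cb == -1)
        n--;                /* the count included the terminator that was written */
    dst[n] = L'\0';         /* always terminate, even on an exact fit */
    return n;
}

/* Allocating variant: query the required size, then convert into exactly that
 * much.  Caller frees the result; NULL on allocation or conversion failure. */
static wchar_t *to_wide_alloc(const char *src)
{
    int needed = model_mb_to_wc(src, -1, NULL, 0);
    wchar_t *out = malloc((size_t)needed * sizeof(wchar_t));
    if (out && model_mb_to_wc(src, -1, out, needed) != needed) {
        free(out);
        out = NULL;
    }
    return out;
}
```

With an explicit byte count and a buffer that the source fills exactly, the raw call succeeds without writing a terminator, which is the case the wrapper's reserved slot turns into a clean error.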
Original issue reported on code.google.com by
johnp...@gmail.com
on 10 May 2014 at 11:36