From fdd5233b23cd1bda248b73aa6e8d9e06b7eba18d Mon Sep 17 00:00:00 2001
From: Liong Sauw Ming
Date: Thu, 31 Dec 2015 05:06:03 +0000
Subject: Re #1882 (misc): Add assertion checks in pj_strncpy() and pj_strncpy_with_null(). When max is negative, it may go undetected and cause crash since it will be cast to an unsigned when calling pj_memcpy(). Thanks to Dusan Klinec for the suggestion.
git-svn-id: http://svn.pjsip.org/repos/pjproject/trunk@5229 74dad513-b988-da41-8d7b-12977e46ad98
---
pjlib/include/pj/string_i.h | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/pjlib/include/pj/string_i.h b/pjlib/include/pj/string_i.h
index 53794864..b26d5ead 100644
--- a/pjlib/include/pj/string_i.h
+++ b/pjlib/include/pj/string_i.h
@@ -18,6 +18,7 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ +#include #include PJ_IDEF(pj_str_t) pj_str(char *str)
@@ -117,6 +118,7 @@ PJ_IDEF(pj_str_t*) pj_strcpy2(pj_str_t *dst, const char *src) PJ_IDEF(pj_str_t*) pj_strncpy( pj_str_t *dst, const pj_str_t *src, pj_ssize_t max) { + pj_assert(max >= 0); if (max > src->slen) max = src->slen; pj_memcpy(dst->ptr, src->ptr, max); dst->slen = max;
@@ -126,6 +128,8 @@ PJ_IDEF(pj_str_t*) pj_strncpy( pj_str_t *dst, const pj_str_t *src, PJ_IDEF(pj_str_t*) pj_strncpy_with_null( pj_str_t *dst, const pj_str_t *src, pj_ssize_t max) { + pj_assert(max > 0); + if (max <= src->slen) max = max-1; else
-- cgit v1.2.3
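Review bot: The new `pj_assert(max >= 0);` in pj_strncpy() is the only guard on the copy length, and if pj_assert() expands to the standard assert() it is compiled out under NDEBUG, so in release builds a negative `max` would still reach pj_memcpy() and be converted to a very large unsigned size. The assertion also runs before the clamp `if (max > src->slen) max = src->slen;`, so a negative `src->slen` makes `max` negative again after the check has passed. Keep the assertion for debug builds and add a runtime guard after the clamp, for example `if (max < 0) max = 0;`. The same applies to `pj_assert(max > 0);` in the pj_strncpy_with_null() hunk, whose body continues past the hunk: with `max == 0` and the assertion compiled out, `max = max-1` yields -1.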