Replace strcpy by strncpy for charset name copy.

VERIFIED FIXED in mozilla1.0.1

Status

defect
VERIFIED FIXED
17 years ago
11 years ago

People

(Reporter: nhottanscp, Assigned: nhottanscp)

Tracking

({intl})

Trunk
mozilla1.0.1
Dependency tree / graph

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [adt2])

Attachments

(1 attachment)

This is great - please make this change. It's best to use sizeof() for the size
argument to PL_strcpy. For example,

PL_strncpy(charset_label, charset, sizeof(charset_label) - 1);
charset_label[sizeof(charset_label) - 1)] = '\0';

Add the explicit null termination as above.
Assignee

Comment 2

17 years ago
Assignee

Comment 3

17 years ago
Mitch, could you review the patch?
Status: NEW → ASSIGNED
Target Milestone: --- → mozilla1.0
Comment on attachment 84312 [details] [diff] [review]
Changed strcpy to strncpy.

R=ducarroz
Attachment #84312 - Flags: review+

Comment 5

17 years ago
Comment on attachment 84312 [details] [diff] [review]
Changed strcpy to strncpy.

sr=bienvenu
Attachment #84312 - Flags: superreview+
Assignee

Comment 6

17 years ago
nsbeta1, the calls I changed were used for message compose/send, so far I have
not found actual problem but I think it's better to fix this to prevent unknown
problems.
Keywords: nsbeta1
Assignee

Updated

17 years ago
Target Milestone: mozilla1.0 → mozilla1.0.1

Comment 7

17 years ago
security issue. not sure this is adt2 or adt3. Put adt2 here for now. adt:
please change it if you disagree with that. thanks.
Blocks: 141008
Keywords: nsbeta1intl, nsbeta1+
Whiteboard: [adt2]
Assignee

Comment 8

17 years ago
checked in to the trunk
Status: ASSIGNED → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
Assignee

Comment 9

17 years ago
nsMsgSendPart.cpp 1.52
nsMsgCompUtils.cpp 1.138
comi18n.cpp 1.109

verified by cvs
Status: RESOLVED → VERIFIED
QA Contact: ji → nhotta

Updated

17 years ago

Comment 10

17 years ago
adding adt1.0.1+.  Please get drivers approval before checking into the branch.
Keywords: adt1.0.1adt1.0.1+
Comment on attachment 84312 [details] [diff] [review]
Changed strcpy to strncpy.

Please land this on the 1.0.1 branch.  Once there, remove the
"mozilla1.0.1+" keyword, and add the "fixed1.0.1"


(Perhaps, *on the trunk*, it might make sense to fix this using PL_strncpyz
instead, which will allow sizeof(buffer) and allow removing the extra
null-termination code.)
Attachment #84312 - Flags: approval+
Assignee

Updated

17 years ago
Keywords: fixed1.0.1

Updated

17 years ago
Blocks: 146292
No longer blocks: 141008

Updated

17 years ago
Keywords: mozilla1.0.1+
Product: MailNews → Core
Product: Core → MailNews Core
You need to log in before you can comment on or make changes to this bug.