http://lxr.mozilla.org/seamonkey/source/mailnews/mime/src/comi18n.cpp#1076 http://lxr.mozilla.org/seamonkey/source/mailnews/mime/src/comi18n.cpp#310 http://lxr.mozilla.org/seamonkey/source/mailnews/compose/src/nsMsgCompUtils.cpp#779 http://lxr.mozilla.org/seamonkey/source/mailnews/compose/src/nsMsgSendPart.cpp#66
This is great - please make this change. It's best to use sizeof() for the size argument to PL_strcpy. For example, PL_strncpy(charset_label, charset, sizeof(charset_label) - 1); charset_label[sizeof(charset_label) - 1)] = '\0'; Add the explicit null termination as above.
Mitch, could you review the patch?
Status: NEW → ASSIGNED
Target Milestone: --- → mozilla1.0
Comment on attachment 84312 [details] [diff] [review] Changed strcpy to strncpy. R=ducarroz
Attachment #84312 - Flags: review+
Comment on attachment 84312 [details] [diff] [review] Changed strcpy to strncpy. sr=bienvenu
Attachment #84312 - Flags: superreview+
nsbeta1, the calls I changed were used for message compose/send, so far I have not found actual problem but I think it's better to fix this to prevent unknown problems.
security issue. not sure this is adt2 or adt3. Put adt2 here for now. adt: please change it if you disagree with that. thanks.
checked in to the trunk
Status: ASSIGNED → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
nsMsgSendPart.cpp 1.52 nsMsgCompUtils.cpp 1.138 comi18n.cpp 1.109 verified by cvs
Status: RESOLVED → VERIFIED
QA Contact: ji → nhotta
adding adt1.0.1+. Please get drivers approval before checking into the branch.
Comment on attachment 84312 [details] [diff] [review] Changed strcpy to strncpy. Please land this on the 1.0.1 branch. Once there, remove the "mozilla1.0.1+" keyword, and add the "fixed1.0.1" (Perhaps, *on the trunk*, it might make sense to fix this using PL_strncpyz instead, which will allow sizeof(buffer) and allow removing the extra null-termination code.)
Attachment #84312 - Flags: approval+
You need to log in before you can comment on or make changes to this bug.