Open
Bug 177336
Opened 22 years ago
Updated 2 years ago
File name buffer may not be large enough
Categories
(NSPR :: NSPR, defect)
Tracking
(Not tracked)
NEW
People
(Reporter: wtc, Unassigned)
Details
In mozilla/nsprpub/pr/src/linking/prlink.c, we have: char cName[64]; ... FSSpec fileSpec; ... memcpy(cName, fileSpec.name + 1, fileSpec.name[0]); cName[fileSpec.name[0]] = '\0'; The FSSpec structure is defined as: struct FSSpec { SInt16 vRefNum; SInt32 parID; StrFileName name; }; and StrFileName is defined as: typedef Str255 StrFileName; This seems to mean that fileSpec.name can be 255 character long, and the cName buffer, which can only hold a 63 character string, may not be large enough. Is my understanding correct? If my understanding is correct, the fix would be: 1. Declare cName as: char cName[256]; 2. For extra protection, check that fileSpec.name[0] is less than 256 before copying fileSpec.name to cName.
Comment 1•22 years ago
|
||
File names in FSSpecs can be a max of 31 chars long, so the buffer will always be big enough, but we should play safe here.
Status: NEW → ASSIGNED
Comment 2•22 years ago
|
||
Actually StrFileName should be defined as a Str63 when building for Mac. It's a Str255 under Windows (thanks to QuickTime APIs being cross-platform)
Reporter | ||
Comment 3•22 years ago
|
||
I may be looking at the wrong definitions. Here are the URLs of the definitions I cited. FSSpec: http://developer.apple.com/techpubs/macosx/Carbon/Files/FileManager/File_Manager/DataTypes/FSSpec.html StrFileName: http://developer.apple.com/techpubs/quicktime/qtdevdocs/APIREF/SOURCESIV/stringtypes.htm
Updated•18 years ago
|
QA Contact: wtchang → nspr
Updated•16 years ago
|
Assignee: sfraser_bugs → wtc
Comment 4•2 years ago
|
||
The bug assignee didn't login in Bugzilla in the last 7 months, so the assignee is being reset.
Assignee: wtc → nobody
Status: ASSIGNED → NEW
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•