Yuan Ren wrote:
>
> You're right, so I modified to use asprintf(3) to handle the indeterminate
> buffer size.
> And there would be exit the process if overflow.
Hmm, asprintf seems to be available on BSD and Linux, but missing
on other systems.
>
> diff --git a/src/hyper/spadint.c b/src/hyper/spadint.c
> index fb031fc..771047d 100644
> --- a/src/hyper/spadint.c
> +++ b/src/hyper/spadint.c
> @@ -39,6 +39,9 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
> DAMAGE.
> #include "debug.h"
>
> #include <signal.h>
> +#include <limits.h>
> +#include <error.h>
> +#include <stdlib.h>
>
> #include "hyper.h"
> #include "parse.h"
> @@ -182,18 +185,20 @@ mark_as_executed(HyperDocPage *page, TextNode
> *command,int type)
> static void
> start_user_buffer(HyperDocPage *page)
> {
> - char buf[1024], *title;
> + char *buf, *title;
> char *SPAD;
> - char spadbuf[250];
> - char complfile[250];
> + char spadbuf[PATH_MAX];
> + char complfile[PATH_MAX];
> int ret_val;
>
> SPAD = (char *) getenv("AXIOM");
> - if (SPAD == NULL) {
> - sprintf(SPAD, "/spad/mnt/rios");
> + snprintf(spadbuf, sizeof(spadbuf), "%s/lib/spadbuf", SPAD);
> + if(access(spadbuf, R_OK) == -1)
> + {
> + perror("spadbuf access err");
> + exit(-1);
> }
> - sprintf(spadbuf, "%s/lib/spadbuf", SPAD);
> - sprintf(complfile, "%s/lib/command.list", SPAD);
> + snprintf(complfile, sizeof(complfile), "%s/lib/command.list", SPAD);
> title = print_to_string(page->title);
> if (access(complfile, R_OK) == 0)
>
> @@ -201,11 +206,11 @@ start_user_buffer(HyperDocPage *page)
> * TTT says : why not invoke with "-name fricasclient" and set any
> * defaults in the usual way
> */
> - sprintf(buf,
> + asprintf(&buf,
> "xterm -sb -sl 500 -name fricasclient -n '%s' -T '%s' -e %s %s
> %s&",
> title, title, spadbuf, page->name, complfile);
> else
> - sprintf(buf,
> + asprintf(&buf,
> "xterm -sb -sl 500 -name fricasclient -n '%s' -T '%s' -e %s
> '%s'&",
> title, title, spadbuf, page->name);
> ret_val = system(buf);
> @@ -215,6 +220,7 @@ start_user_buffer(HyperDocPage *page)
> * perror("running the xterm spadbuf program"); exit(-1);
> */
> }
> + free(buf);
> accept_menu_server_connection(page);
> sleep(2);
> }
>
> On Fri, Jul 13, 2018 at 1:48 AM, Waldek Hebisch <[email protected]>
> wrote:
>
> >
> > Frankly, this does not look like a right fix. AFAICS you are picking
> > BUFSIZE from system headers -- this is not improvement over
> > using fixed max value. Using PATH_MAX helps, but in case
> > of overflow snprintf truncate value, so further attempts to
> > use result will produce nonsense. So overflow should be
> > fatal error.
> >
> > --
> > Waldek Hebisch
> >
> > --
> > You received this message because you are subscribed to the Google Groups
> > "FriCAS - computer algebra system" group.
> > To unsubscribe from this group and stop receiving emails from it, send an
> > email to [email protected].
> > To post to this group, send email to [email protected].
> > Visit this group at https://groups.google.com/group/fricas-devel.
> > For more options, visit https://groups.google.com/d/optout.
> >
>
> --
> You received this message because you are subscribed to the Google Groups
> "FriCAS - computer algebra system" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To post to this group, send email to [email protected].
> Visit this group at https://groups.google.com/group/fricas-devel.
> For more options, visit https://groups.google.com/d/optout.
>
> --0000000000000de33a0570d86534
> Content-Type: text/html; charset="UTF-8"
> Content-Transfer-Encoding: quoted-printable
>
> <div dir=3D"ltr"><div>You're right, so I modified to use asprintf(3) to=
> handle the indeterminate buffer size.=C2=A0</div><div>And there would be e=
> xit the process if overflow.=C2=A0=C2=A0</div><div><br></div><div><br></div=
> ><div>diff --git a/src/hyper/spadint.c b/src/hyper/spadint.c</div><div>inde=
> x fb031fc..771047d 100644</div><div>--- a/src/hyper/spadint.c</div><div>+++=
> b/src/hyper/spadint.c</div><div>@@ -39,6 +39,9 @@ SOFTWARE, EVEN IF ADVISE=
> D OF THE POSSIBILITY OF SUCH DAMAGE.</div><div>=C2=A0#include "debug.h=
> "</div><div><br></div><div>=C2=A0#include <signal.h></div><div>+=
> #include <limits.h></div><div>+#include <error.h></div><div>+#i=
> nclude <stdlib.h></div><div><br></div><div>=C2=A0#include "hyper=
> .h"</div><div>=C2=A0#include "parse.h"</div><div>@@ -182,18 =
> +185,20 @@ mark_as_executed(HyperDocPage *page, TextNode *command,int type)=
> </div><div>=C2=A0static void</div><div>=C2=A0start_user_buffer(HyperDocPage=
> *page)</div><div>=C2=A0{</div><div>-=C2=A0 =C2=A0 char buf[1024], *title;<=
> /div><div>+=C2=A0 =C2=A0 char *buf, *title;</div><div>=C2=A0 =C2=A0 =C2=A0c=
> har *SPAD;</div><div>-=C2=A0 =C2=A0 char spadbuf[250];</div><div>-=C2=A0 =
> =C2=A0 char complfile[250];</div><div>+=C2=A0 =C2=A0 char spadbuf[PATH_MAX]=
> ;</div><div>+=C2=A0 =C2=A0 char complfile[PATH_MAX];</div><div>=C2=A0 =C2=
> =A0 =C2=A0int ret_val;</div><div><br></div><div>=C2=A0 =C2=A0 =C2=A0SPAD =
> =3D (char *) getenv("AXIOM");</div><div>-=C2=A0 =C2=A0 if (SPAD =
> =3D=3D NULL) {</div><div>-=C2=A0 =C2=A0 =C2=A0 =C2=A0 sprintf(SPAD, "/=
> spad/mnt/rios");</div><div>+=C2=A0 =C2=A0 snprintf(spadbuf, sizeof(spa=
> dbuf), "%s/lib/spadbuf", SPAD);</div><div>+=C2=A0 =C2=A0 if(acces=
> s(spadbuf, R_OK) =3D=3D -1)</div><div>+=C2=A0 =C2=A0 {</div><div>+=C2=A0 =
> =C2=A0 =C2=A0 perror("spadbuf access err");</div><div>+=C2=A0 =C2=
> =A0 =C2=A0 exit(-1);</div><div>=C2=A0 =C2=A0 =C2=A0}</div><div>-=C2=A0 =C2=
> =A0 sprintf(spadbuf, "%s/lib/spadbuf", SPAD);</div><div>-=C2=A0 =
> =C2=A0 sprintf(complfile, "%s/lib/command.list", SPAD);</div><div=
> >+=C2=A0 =C2=A0 snprintf(complfile, sizeof(complfile), "%s/lib/command=
> .list", SPAD);</div><div>=C2=A0 =C2=A0 =C2=A0title =3D print_to_string=
> (page->title);</div><div>=C2=A0 =C2=A0 =C2=A0if (access(complfile, R_OK)=
> =3D=3D 0)</div><div><br></div><div>@@ -201,11 +206,11 @@ start_user_buffer=
> (HyperDocPage *page)</div><div>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 * TTT say=
> s : why not invoke with "-name fricasclient" and set any</div><di=
> v>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 * defaults in the usual way</div><div>=
> =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 */</div><div>-=C2=A0 =C2=A0 =C2=A0 =C2=
> =A0 sprintf(buf,</div><div>+=C2=A0 =C2=A0 =C2=A0 =C2=A0 asprintf(&buf,<=
> /div><div>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0"xterm -sb -sl 500 -name f=
> ricasclient -n '%s' -T '%s' -e=C2=A0 %s %s %s&",</=
> div><div>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0titl=
> e, title, spadbuf, page->name, complfile);</div><div>=C2=A0 =C2=A0 =C2=
> =A0else</div><div>-=C2=A0 =C2=A0 =C2=A0 =C2=A0 sprintf(buf,</div><div>+=C2=
> =A0 =C2=A0 asprintf(&buf,</div><div>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
> "xterm -sb -sl 500 -name fricasclient -n '%s' -T '%s' =
> -e=C2=A0 %s '%s'&",</div><div>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =
> =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0title, title, spadbuf, page->name);</d=
> iv><div>=C2=A0 =C2=A0 =C2=A0ret_val =3D system(buf);</div><div>@@ -215,6 +2=
> 20,7 @@ start_user_buffer(HyperDocPage *page)</div><div>=C2=A0 =C2=A0 =C2=
> =A0 =C2=A0 =C2=A0 * perror("running the xterm spadbuf program"); =
> exit(-1);</div><div>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 */</div><div>=C2=A0 =
> =C2=A0 =C2=A0}</div><div>+=C2=A0 =C2=A0 free(buf);</div><div>=C2=A0 =C2=A0 =
> =C2=A0accept_menu_server_connection(page);</div><div>=C2=A0 =C2=A0 =C2=A0sl=
> eep(2);</div><div>=C2=A0}</div><div class=3D"gmail_extra"><br><div class=3D=
> "gmail_quote">On Fri, Jul 13, 2018 at 1:48 AM, Waldek Hebisch <span dir=3D"=
> ltr"><<a href=3D"mailto:[email protected]"; target=3D"_blank">hebi=
> [email protected]</a>></span> wrote:<br><blockquote class=3D"gmail_qu=
> ote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex=
> "><div class=3D"HOEnZb"><div class=3D"h5"><br>
> </div></div>Frankly, this does not look like a right fix.=C2=A0 AFAICS you =
> are picking<br>
> BUFSIZE from system headers -- this is not improvement over<br>
> using fixed max value.=C2=A0 Using PATH_MAX helps, but in case<br>
> of overflow snprintf truncate value, so further attempts to<br>
> use result will produce nonsense.=C2=A0 So overflow should be<br>
> fatal error.<br>
> <span class=3D"HOEnZb"><font color=3D"#888888"><br>
> -- <br>
> =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
> =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 Waldek Hebisch<br>
> <br>
> -- <br>
> You received this message because you are subscribed to the Google Groups &=
> quot;FriCAS - computer algebra system" group.<br>
> To unsubscribe from this group and stop receiving emails from it, send an e=
> mail to <a href=3D"mailto:fricas-devel%[email protected]";>fric=
> as-devel+unsubscribe@<wbr>googlegroups.com</a>.<br>
> To post to this group, send email to <a href=3D"mailto:fricas-devel@googleg=
> roups.com">[email protected]</a>.<br>
> Visit this group at <a href=3D"https://groups.google.com/group/fricas-devel=
> " rel=3D"noreferrer" target=3D"_blank">https://groups.google.com/<wbr>group=
> /fricas-devel</a>.<br>
> For more options, visit <a href=3D"https://groups.google.com/d/optout"; rel=
> =3D"noreferrer" target=3D"_blank">https://groups.google.com/d/<wbr>optout</=
> a>.<br>
> </font></span></blockquote></div><br></div></div>
>
> <p></p>
>
> -- <br />
> You received this message because you are subscribed to the Google Groups &=
> quot;FriCAS - computer algebra system" group.<br />
> To unsubscribe from this group and stop receiving emails from it, send an e=
> mail to <a href=3D"mailto:[email protected]";>fricas=
> [email protected]</a>.<br />
> To post to this group, send email to <a href=3D"mailto:fricas-devel@googleg=
> roups.com">[email protected]</a>.<br />
> Visit this group at <a href=3D"https://groups.google.com/group/fricas-devel=
> ">https://groups.google.com/group/fricas-devel</a>.<br />
> For more options, visit <a href=3D"https://groups.google.com/d/optout";>http=
> s://groups.google.com/d/optout</a>.<br />
>
> --0000000000000de33a0570d86534--
>
--
Waldek Hebisch
--
You received this message because you are subscribed to the Google Groups
"FriCAS - computer algebra system" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at https://groups.google.com/group/fricas-devel.
For more options, visit https://groups.google.com/d/optout.
