[Kicad-developers] [PATCH] fix coverity reported strcat/strcpy potential overflows

Sun, 09 Aug 2015 16:47:07 -0700 

This should eliminate three of the "low" coverity defects where strcat or
strcpy can overflow the destination buffer if left as is.

From dbb86a6ed3c694944b91f3230983c1106e142bd8 Mon Sep 17 00:00:00 2001
From: Mark Roszko <mark.ros...@gmail.com>
Date: Sun, 9 Aug 2015 18:00:20 -0400
Subject: [PATCH 1/1] Fixed strcat/cpy safety issues

---
 common/fpid.cpp                  | 2 +-
 gerbview/rs274x.cpp              | 5 ++++-
 pcbnew/legacy_netlist_reader.cpp | 3 ++-
 3 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/common/fpid.cpp b/common/fpid.cpp
index 025b7b5..1ed0f99 100644
--- a/common/fpid.cpp
+++ b/common/fpid.cpp
@@ -97,7 +97,7 @@ static int okRevision( const std::string& aField )
     if( aField.size() >= 4 )
     {
         strcpy( rev, "x/" );
-        strcat( rev, aField.c_str() );
+        strncat( rev, aField.c_str(), sizeof(rev)-strlen(rev)-1 );
 
         if( EndsWithRev( rev, rev + strlen(rev), '/' ) == rev+2 )
             return -1;    // success
diff --git a/gerbview/rs274x.cpp b/gerbview/rs274x.cpp
index d30ee3a..b8eb6c7 100644
--- a/gerbview/rs274x.cpp
+++ b/gerbview/rs274x.cpp
@@ -597,7 +597,10 @@ bool GERBER_IMAGE::ExecuteRS274XCommand( int       command,
             ReportMessage( _( "Too many include files!!" ) );
             break;
         }
-        strcpy( line, text );
+
+        strncpy( line, text, sizeof(line)-1 );
+        line[sizeof(line)-1] = '\0';
+
         strtok( line, "*%%\n\r" );
         m_FilesList[m_FilesPtr] = m_Current_File;
 
diff --git a/pcbnew/legacy_netlist_reader.cpp b/pcbnew/legacy_netlist_reader.cpp
index 4c769d2..a559c7b 100644
--- a/pcbnew/legacy_netlist_reader.cpp
+++ b/pcbnew/legacy_netlist_reader.cpp
@@ -108,7 +108,8 @@ COMPONENT* LEGACY_NETLIST_READER::loadComponent( char* aText )
     wxString name;              // the name of component that was placed in the schematic
     char     line[1024];
 
-    strcpy( line, aText );
+    strncpy( line, aText, sizeof(line)-1 );
+    line[sizeof(line)-1] = '\0';
 
     value = wxT( "~" );
 
-- 
1.9.1


_______________________________________________
Mailing list: https://launchpad.net/~kicad-developers
Post to     : kicad-developers@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kicad-developers
More help   : https://help.launchpad.net/ListHelp

Reply via email to