qcommon: fix potential buffer overflow in COM_StripFilename #350

Exagone313 · 2019-01-27T23:49:32Z

Fixes a potential buffer overflow and a compilation warning (warning: ‘strncpy’ specified bound depends on the length of the source argument [-Wstringop-overflow=]).
The COM_StripFilename function is only used once on a MAX_QPATH sized char array.
Also saw that Q_strncpyz function uses strncpy with len-1 and ensures a NUL at len-1 (so it is safe).

ensiform · 2019-01-28T03:40:46Z

Probably better to rewrite it with buffer size in parameter list and possibly use strrchr for \ and / depending on platform or if its a qpath then you can do / only.

Exagone313 · 2019-01-28T23:28:34Z

Updated prototype of COM_StripFilename for outsize in first commit, and changed COM_SkipPath to use strrchr in the second (rebased just in case).

Exagone313 force-pushed the fix-strncpy-warning branch from 3eb7e8f to 120d8c6 Compare January 28, 2019 23:23

Exagone313 added 2 commits January 29, 2019 00:24

qcommon: fix potential buffer overflow in COM_StripFilename

13326e2

qcommon: use strrchr in COM_SkipPath

4c3c646

Exagone313 force-pushed the fix-strncpy-warning branch from 120d8c6 to 4c3c646 Compare January 28, 2019 23:24

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

qcommon: fix potential buffer overflow in COM_StripFilename #350

qcommon: fix potential buffer overflow in COM_StripFilename #350

Exagone313 commented Jan 27, 2019

ensiform commented Jan 28, 2019

Exagone313 commented Jan 28, 2019

qcommon: fix potential buffer overflow in COM_StripFilename #350

Are you sure you want to change the base?

qcommon: fix potential buffer overflow in COM_StripFilename #350

Conversation

Exagone313 commented Jan 27, 2019

ensiform commented Jan 28, 2019

Exagone313 commented Jan 28, 2019