From e58ebbf162d219a02c22c425ca84b8f5466feb1a Mon Sep 17 00:00:00 2001 From: Peter Ludemann Date: Thu, 21 Dec 2023 18:50:28 -0800 Subject: [PATCH] Fix possible buffer overflow --- libhdt/src/libdcs/CSD_FMIndex.cpp | 5 +++-- libhdt/src/libdcs/CSD_HTFC.cpp | 13 ++++++++----- libhdt/src/libdcs/CSD_PFC.cpp | 6 ++++-- libhdt/src/triples/TripleListDisk.cpp | 2 +- 4 files changed, 16 insertions(+), 10 deletions(-) diff --git a/libhdt/src/libdcs/CSD_FMIndex.cpp b/libhdt/src/libdcs/CSD_FMIndex.cpp index f61ec93f..4f290981 100644 --- a/libhdt/src/libdcs/CSD_FMIndex.cpp +++ b/libhdt/src/libdcs/CSD_FMIndex.cpp @@ -99,7 +99,8 @@ CSD_FMIndex::CSD_FMIndex(hdt::IteratorUCharString *it, bool sparse_bitsequence, text = (unsigned char *)realloc(text, reservedSize * sizeof(unsigned char)); } - strncpy((char *)(text + total), (char *)currentStr, currentLength); + strncpy((char *)(text + total), (char *)currentStr, reservedSize - total); + text[reservedSize-1] = '\0'; // shouldn't be needed, but make compiler happy total += currentLength; @@ -118,7 +119,7 @@ CSD_FMIndex::CSD_FMIndex(hdt::IteratorUCharString *it, bool sparse_bitsequence, textFinal = new char[total + 1]; // cout<<"testing:total cpy:"< " << currentStr << endl; @@ -113,7 +114,8 @@ CSD_HTFC::CSD_HTFC(hdt::IteratorUCharString *it, uint32_t blocksize, // The suffix is copied to the sequence strncpy((char *)(textfc + bytesfc), (char *)currentStr + delta, - currentLength - delta); + reservedSize - bytesfc); + textfc[reservedSize-1] = '\0'; bytesfc += currentLength - delta; // cout << nblocks-1 << "," << length << " => " << currentStr << endl; } @@ -333,8 +335,8 @@ void CSD_HTFC::dumpBlock(uint block) { uint idInBlock = 0; // Reading the first string - strncpy((char *)string, (char *)(text + pos), slen); - string[slen] = '\0'; + strncpy((char *)string, (char *)(text + pos), maxlength + 1); + string[maxlength] = '\0'; pos += slen; cout << block * blocksize + idInBlock << " (" << idInBlock << ") => " 
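Review bot: Bounding `strncpy` by `reservedSize - total` in the CSD_FMIndex.cpp constructor hunk makes every append zero-fill the whole unused tail of `text`, because strncpy pads the destination up to the count, so building the buffer becomes quadratic in its size. It also turns an undersized buffer into silent truncation while `total += currentLength` still advances by the full length; if `total` ever passes `reservedSize`, the next `reservedSize - total` wraps (assuming these are unsigned; their declarations are outside the hunk). Checking capacity explicitly and copying exactly the string avoids both: `if (currentLength > reservedSize - total) { /* grow or fail */ }` followed by `memcpy(text + total, currentStr, currentLength);`, assuming `currentLength` is the measured length of `currentStr`. The same pattern appears in the CSD_HTFC.cpp constructor hunk (`textfc`/`bytesfc`) and in both CSD_PFC.cpp hunks (`text`/`bytes`); the enclosing constructors start and end outside these hunks.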
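Review bot: The `maxlength + 1` bound on the first-string copy in `CSD_HTFC::dumpBlock` is only safe if `string` was allocated with at least `maxlength + 1` bytes, and that allocation is outside this hunk. The invariant deserves a comment at the copy, e.g. `// string holds maxlength + 1 bytes; an entry longer than maxlength is truncated here, not overflowed`. The line `string[maxlength] = '\0';` is what guarantees termination in that case, since strncpy does not terminate the destination when the source fills the count. dumpBlock's body starts and ends outside the hunk.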
@@ -352,7 +354,8 @@ void CSD_HTFC::dumpBlock(uint block) { // Copying the suffix slen = strlen((char *)text + pos) + 1; - strncpy((char *)(string + delta), (char *)(text + pos), slen); + strncpy((char *)(string + delta), (char *)(text + pos), maxlength + 1 - delta); + string[maxlength] = '\0'; // shouldn't be needed, but make compiler happy cout << block * blocksize + idInBlock << " (" << idInBlock << ") => " << string << " Delta=" << delta << " Len=" << slen << endl; diff --git a/libhdt/src/libdcs/CSD_PFC.cpp b/libhdt/src/libdcs/CSD_PFC.cpp index a0f876c0..5e199265 100644 --- a/libhdt/src/libdcs/CSD_PFC.cpp +++ b/libhdt/src/libdcs/CSD_PFC.cpp @@ -81,7 +81,8 @@ CSD_PFC::CSD_PFC(hdt::IteratorUCharString *it, uint32_t blocksize, nblocks++; // The string is explicitly copied to the encoded sequence. - strncpy((char *)(text + bytes), (char *)currentStr, currentLength); + strncpy((char *)(text + bytes), (char *)currentStr, reservedSize - bytes); + text[reservedSize-1] = '\0'; // shouldn't be needed, but make compiler happy bytes += currentLength; } else { // Regular string @@ -96,7 +97,8 @@ CSD_PFC::CSD_PFC(hdt::IteratorUCharString *it, uint32_t blocksize, // The suffix is copied to the sequence strncpy((char *)(text + bytes), (char *)currentStr + delta, - currentLength - delta); + reservedSize - bytes); + text[reservedSize-1] = '\0'; bytes += currentLength - delta; } diff --git a/libhdt/src/triples/TripleListDisk.cpp b/libhdt/src/triples/TripleListDisk.cpp index 0f4ec37c..ae575150 100644 --- a/libhdt/src/triples/TripleListDisk.cpp +++ b/libhdt/src/triples/TripleListDisk.cpp @@ -303,7 +303,7 @@ void TripleListDisk::insert(TripleID &triple) //cout << "Insert: " <<&pointer[numTotalTriples] << "* "<< triple << " "<
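Review bot: The count `maxlength + 1 - delta` in the suffix copy is never checked against `delta`, which is presumably decoded from the block data just above this hunk (its declaration and type are not visible here). If `delta` can exceed `maxlength`, `string + delta` already points past the buffer and, with an unsigned `delta`, the count wraps to a very large value, so the copy is effectively unbounded again. A guard before the copy closes that, for example `if (delta > maxlength) { cerr << "dumpBlock: delta out of range" << endl; return; }`, with whatever cleanup the function performs for `string` on exit. In that light the comment "shouldn't be needed" on `string[maxlength] = '\0';` is misleading, because that store is the only thing terminating the buffer when strncpy truncates. dumpBlock's body starts and ends outside the hunk.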