Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix possible buffer overflow #275

Closed
wants to merge 18 commits into from
Closed

Fix possible buffer overflow #275

wants to merge 18 commits into from

Conversation

kamahen
Copy link

@kamahen kamahen commented Dec 22, 2023

This PR should be applied to branch develop.

These changes are because the compiler pointed out mis-use of strncmp() and memcpy(). I think that I've fixed the problems, but it's easy to make an off-by-one error in such code, so please review.

(A better way of fixing this would be to use std::string or std::basic_string<unsigned char>)

@kamahen
Copy link
Author

kamahen commented Dec 22, 2023

The files to check are:

libhdt/src/libdcs/CSD_FMIndex.cpp
libhdt/src/libdcs/CSD_HTFC.cpp
libhdt/src/libdcs/CSD_PFC.cpp
libhdt/src/triples/TripleListDisk.cpp

The other files are straightforward responses to compiler warnings.

@kamahen kamahen mentioned this pull request Dec 25, 2023
Open
@kamahen
Copy link
Author

kamahen commented Dec 25, 2023

The code now compiles cleanly using gcc-13.2 with -Wall -Wextra. There were some additional problems with the use of strncpy() that I fixed. (And, in an earlier commit, I hadn't correctly fixed a call to strncpy() -- I think it's correct now).
None of these compiler warnings resulted in any failures of the test cases, so I have no easy way of verifying that I've fixed anything, nor that I've fixed things correctly.

@kamahen
Copy link
Author

kamahen commented Mar 7, 2024

This is ready to merge into branch develop. (using this? develop...JanWielemaker:hdt-cpp:develop-buffer)

Or I can do the merge on my local copy and push to branch develop ... it's up to you. (A 2nd pair of eyes, looking at my changes, is always appreciated)

Once that is done, I'll create a PR for the hdt pack that references this.

@kamahen
Copy link
Author

kamahen commented Jun 25, 2024

I reviewed my changes and realize that there's a mistake in the calls to strncpy(). I will fix this and push a new commit.

D. A. Pellegrino and others added 18 commits June 27, 2024 15:47
@kamahen
rdfhdt#246 Removed unused varibles in suffixtree code as reported by …
8f5d41c 
…Intel compiler.
@kamahen
rdfhdt#248 Removed unused exception in BasicHDT blocked out for non-W…
8d1e060 
…IN32
@kamahen
rdfhdt#251 Removed call to deprecated ftime().
8bc5051
@kamahen
rdfhdt#254 Set the dumpDictionary test case to take exactly the input…
9ae4dea 
… from the data directory under revision control instead of user-supplied input to support automated testing.
@donpellegrino @kamahen
rdfhdt#263 - Executed clang-format on the .h and .cpp files with defa…
3f6700c 
…ult settings.
@chrysn @kamahen
Fix building on 32 bit architectures
5ce362d 
bitclean war previously implemented for size_t and uint32_t, which
overlap on 32 bit architectures. Implementing it for uint32_t and
uint64_t might leave the latter unused on 32 bit builds, but is
consistent and works on both.

Closes: rdfhdt#143
@lucafabbian @kamahen
added some wasm tweaks
78d4139
@lucafabbian @kamahen
Changed from try/catch to map.count for getting default value
eaf62f0
@lucafabbian @kamahen
Prettify some code
3e44ffb
@kamahen
Minimal change to make this compile (added <cstdint>)
b26c369
@kamahen
Fix some compiler warnings
7c15a59
@kamahen
Fix some compiler warnings (2)
76dd8e2
@kamahen
Fix memcpy to nullptr (commit 7e43168)
3322d78
@kamahen
Don't use deprecated std::binary_function<...>
acddece
@kamahen
Don't use deprecated serd_uri_to_path()
92a3511
@kamahen
Ensure local variables are initialized (compiler warnings)
dc9cf92
@kamahen
Ignore hdt-generated index files
b911f5d
@kamahen
Fix "sz" parameter in calls to strncpy()
59f6e3f
@kamahen
Copy link
Author

kamahen commented Jun 28, 2024

I've looked at the 5 conflicts, and in each case, the first one ("develop-buffer") should be chosen (except, you might choose to ignore my "TODO").

I suspect that there are other potential buffer overflows in the code -- it would have been better if C++ std::vector or std::string had been used instead of C-style char* (especially with null-termination), but it appears that retro-fixing this is a non-trivial job, and it also appears that this project is no longer being maintained.

@kamahen kamahen mentioned this pull request Jun 28, 2024
Closed
@kamahen
Copy link
Author

kamahen commented Jul 11, 2024

This PR has been superseded by #283 (same changes but no bogus merge conflicts).

@kamahen kamahen closed this Jul 11, 2024
@kamahen kamahen deleted the develop-buffer branch July 11, 2024 23:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@kamahen @donpellegrino @chrysn @lucafabbian