From 59724dc14ec00043602052e5ac0efcf4be242754 Mon Sep 17 00:00:00 2001
From: Jonathan Wilkes <jon.w.wilkes@gmail.com>
Date: Sat, 2 Jan 2021 02:56:28 +0000
Subject: [PATCH] more fixes for warnings, mainly string truncation problems
with snprintf et al
---
pd/src/s_loader.c | 4 ++--
pd/src/s_main.c | 12 ++++++++----
pd/src/s_midi.c | 5 +++--
pd/src/s_print.c | 16 +++++++++++++---
pd/src/s_utf8.c | 7 ++++++-
pd/src/x_interface.c | 4 ++--
pd/src/x_net.c | 2 +-
pd/src/x_text.c | 5 +++++
8 files changed, 40 insertions(+), 15 deletions(-)
diff --git a/pd/src/s_loader.c b/pd/src/s_loader.c
index d927daa29..1dc0646a8 100644
--- a/pd/src/s_loader.c
+++ b/pd/src/s_loader.c
@@ -117,7 +117,7 @@ static int sys_do_load_lib(t_canvas *canvas, const char *objectname,
const char *path)
{
char symname[MAXPDSTRING], filename[MAXPDSTRING], dirbuf[MAXPDSTRING],
- *nameptr, altsymname[MAXPDSTRING];
+ *nameptr;
const char *classname, *cnameptr;
void *dlobj;
t_xxx makeout = NULL;
@@ -159,7 +159,7 @@ static int sys_do_load_lib(t_canvas *canvas, const char *objectname,
if (hexmunge)
{
memmove(symname+6, symname, strlen(symname)+1);
- strncpy(symname, "setup_", 6);
+ memcpy(symname, "setup_", 6);
}
else strcat(symname, "_setup");
diff --git a/pd/src/s_main.c b/pd/src/s_main.c
index 2dbc5e906..7603e5d1b 100644
--- a/pd/src/s_main.c
+++ b/pd/src/s_main.c
@@ -368,7 +368,11 @@ int sys_main(int argc, char **argv)
if (getuid() != geteuid())
{
fprintf(stderr, "warning: canceling setuid privilege\n");
- setuid(getuid());
+ if (setuid(getuid()) < 0)
+ {
+ fprintf(stderr, "error: couldn't cancel setuid privilege");
+ exit(1);
+ }
}
#endif /* _WIN32 */
pd_init(); /* start the message system */
@@ -640,7 +644,7 @@ void sys_findprogdir(char *progname)
/* complicated layout: lib dir is the one we just stat-ed above */
sys_libdir = gensym(sbuf2);
/* gui lives in .../lib/pd-l2ork/bin */
- strncpy(sbuf2, sbuf, FILENAME_MAX-30);
+ strncpy(sbuf2, sbuf, FILENAME_MAX);
sbuf[FILENAME_MAX-30] = 0;
strcat(sbuf2, "/lib/pd-l2ork/bin");
sys_guidir = gensym(sbuf2);
@@ -649,8 +653,8 @@ void sys_findprogdir(char *progname)
{
/* simple layout: lib dir is the parent */
/* gui lives in .../bin */
- strncpy(sbuf2, sbuf, FILENAME_MAX-30);
- strncpy(appbuf, sbuf, FILENAME_MAX-30);
+ strncpy(sbuf2, sbuf, FILENAME_MAX);
+ strncpy(appbuf, sbuf, FILENAME_MAX);
sbuf[FILENAME_MAX-30] = 0;
sys_libdir = gensym(sbuf);
strcat(sbuf2, "/bin");
diff --git a/pd/src/s_midi.c b/pd/src/s_midi.c
index 9c9b04f2d..5d6886e26 100644
--- a/pd/src/s_midi.c
+++ b/pd/src/s_midi.c
@@ -822,7 +822,9 @@ void glob_midi_dialog(t_pd *dummy, t_symbol *s, int argc, t_atom *argv)
{
int i, nindev, noutdev;
int newmidiindev[10], newmidioutdev[10];
+#ifdef USEAPI_ALSA
int alsadevin, alsadevout;
+#endif
for (i = 0; i < 10; i++)
{
@@ -846,10 +848,9 @@ void glob_midi_dialog(t_pd *dummy, t_symbol *s, int argc, t_atom *argv)
noutdev++;
}
}
+#ifdef USEAPI_ALSA
alsadevin = atom_getintarg(20, argc, argv);
alsadevout = atom_getintarg(21, argc, argv);
-
-#ifdef USEAPI_ALSA
/* invent a story so that saving/recalling "settings" will
be able to restore the number of devices. ALSA MIDI handling
uses its own set of variables. LATER figure out how to get
diff --git a/pd/src/s_print.c b/pd/src/s_print.c
index 156f45ac6..5c6705b9d 100644
--- a/pd/src/s_print.c
+++ b/pd/src/s_print.c
@@ -77,13 +77,23 @@ static void doerror(const void *object, const char *s)
static void dologpost(const void *object, const int level, const char *s)
{
- char upbuf[MAXPDSTRING];
- upbuf[MAXPDSTRING-1]=0;
+ /* 1. s is at most MAXPDSTRING, but we're prepending a stupid header
+ below. So for sanity, we first overallocate here to ensure the stupid
+ header doesn't end up overflowing the buffer. */
+ char upbuf[MAXPDSTRING * 2];
// what about sys_printhook_verbose ?
if (sys_printhook)
{
- snprintf(upbuf, MAXPDSTRING-1, "verbose(%d): %s", level, s);
+ /* 2. The "n" in snprintf stands for "evil": we have to subtract one
+ from total size so the null doesn't get truncated */
+ snprintf(upbuf, MAXPDSTRING * 2 - 1, "verbose(%d): %s", level, s);
+ /* 3. Finally, we add a null at MAXPDSTRING-1 so that we end up with
+ a string that fits inside MAXPDSTRING for use with t_symbol, etc.
+
+ If anyone knows how I was *supposed* to do this safely within the
+ constraints of C's stupid stdlib, please teach me... */
+ upbuf[MAXPDSTRING-1]=0;
(*sys_printhook)(upbuf);
}
else if (sys_printtostderr)
diff --git a/pd/src/s_utf8.c b/pd/src/s_utf8.c
index 8cf20aa27..09d0da32e 100644
--- a/pd/src/s_utf8.c
+++ b/pd/src/s_utf8.c
@@ -80,10 +80,15 @@ int u8_utf8toucs2(uint16_t *dest, int sz, char *src, int srcsz)
}
ch = 0;
switch (nb) {
- /* these fall through deliberately */
+ /* these fall through deliberately, but commenting each explicitly
+ seems to quiet the compiler. If that's not future proof we
+ can just use copy/pasta and add the break statements */
case 3: ch += (unsigned char)*src++; ch <<= 6;
+ /* fall through */
case 2: ch += (unsigned char)*src++; ch <<= 6;
+ /* fall through */
case 1: ch += (unsigned char)*src++; ch <<= 6;
+ /* fall through */
case 0: ch += (unsigned char)*src++;
}
ch -= offsetsFromUTF8[nb];
diff --git a/pd/src/x_interface.c b/pd/src/x_interface.c
index 6753ea626..e498b5bfa 100644
--- a/pd/src/x_interface.c
+++ b/pd/src/x_interface.c
@@ -1655,10 +1655,10 @@ void *abinfo_new(void)
if(!abframe)
{
error("abinfo: only instantiable inside an ab object");
- x = 0;
+ return (0);
}
else
- x = pd_new(text_class);
+ return pd_new(text_class);
}
return (x);
}
diff --git a/pd/src/x_net.c b/pd/src/x_net.c
index e81ce2450..4ddecf63b 100644
--- a/pd/src/x_net.c
+++ b/pd/src/x_net.c
@@ -303,7 +303,7 @@ static int netsend_dosend(t_netsend *x, int sockfd,
bp += res;
}
}
- done:
+ /* done: */
if (!x->x_bin)
{
t_freebytes(buf, length);
diff --git a/pd/src/x_text.c b/pd/src/x_text.c
index 3d61d0cf3..4e5c71915 100644
--- a/pd/src/x_text.c
+++ b/pd/src/x_text.c
@@ -348,6 +348,7 @@ t_binbuf *pointertobinbuf(t_pd *x, t_gpointer *gp, t_symbol *s,
/* these are unused; they copy text from this object to and from a text
field in a scalar. */
+/*
static void text_define_frompointer(t_text_define *x, t_gpointer *gp,
t_symbol *s)
{
@@ -359,7 +360,10 @@ static void text_define_frompointer(t_text_define *x, t_gpointer *gp,
binbuf_add(x->x_textbuf.b_binbuf, binbuf_getnatom(b), binbuf_getvec(b));
}
}
+*/
+/* This doesn't seem to be used, either... */
+/*
static void text_define_topointer(t_text_define *x, t_gpointer *gp, t_symbol *s)
{
t_binbuf *b = pointertobinbuf(&x->x_textbuf.b_ob.ob_pd,
@@ -382,6 +386,7 @@ static void text_define_topointer(t_text_define *x, t_gpointer *gp, t_symbol *s)
}
}
}
+*/
/* bang: output a pointer to a struct containing this text */
void text_define_bang(t_text_define *x)
--
GitLab