TIFF and LibTiff Mailing List Archive
2010.07.12 20:31 "Re: strncpy in tiffcrop", by Edward Lam

Richard Nolde wrote:
>> I only see problematic uses of strncpy in tiffcrop. The other uses of
>>
> I'm usually pretty careful to make sure that the buffer is large enough
> to hold the original string plus the terminating NULL, but I'll check
> the code when I get a chance.

I must admit that I only took a cursory look at the code only to note
whether we failed to NUL terminate after calling strncpy() so that it
could very well be that tiffcrop's use of strncpy() is ok. I had more
intended to point out that the other cases should be fine because we
already NUL terminated immediately afterwards.

I'll just note that the problem with failing to NUL terminate after
calling strncpy() is not that there might be insufficient memory. Let's
take the first strncpy() call in tiffcrop.c's update_output_file()
function as an example:

    strncpy (exportname, outname, PATH_MAX - 15);

If strlen(outname) >= (PATH_MAX-15), then we will end up with a
potentially unterminated exportname string (depending on the contents of
the stack after PATH_MAX - 15 characters).

> You may want to look at tiffcp as well (which I do not maintain).

I don't see any strcpy() or strncpy() calls in it although I did spot a
few fixed length char buffers that may or may not be handled properly. :)

Best Regards,
-Edward
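
The behaviour described in the message above, as an added example that is not part of the original post or of tiffcrop's code: it runs the same `strncpy()` bound with and without an explicit terminator and measures where a string reader would stop. `BUF_SIZE` is a small constructed stand-in for `PATH_MAX`, the `'X'` fill simulates stale stack contents, and the function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 32                      /* constructed stand-in for PATH_MAX */
#define COPY_LEN ((size_t)BUF_SIZE - 15) /* same "- 15" bound as the post */

/* Length a string reader would see, bounded by cap so this check never
 * reads past the buffer; a result equal to cap means "no NUL found". */
static size_t bounded_len(const char *buf, size_t cap)
{
    const char *nul = memchr(buf, '\0', cap);
    return nul ? (size_t)(nul - buf) : cap;
}

/* Pattern from the post: strncpy() with no explicit terminator. */
size_t copy_unterminated(const char *outname)
{
    char exportname[BUF_SIZE];
    memset(exportname, 'X', sizeof exportname); /* simulate stale stack bytes */
    strncpy(exportname, outname, COPY_LEN);
    return bounded_len(exportname, sizeof exportname);
}

/* Same copy, terminated immediately afterwards; also reports truncation. */
size_t copy_terminated(const char *outname, int *truncated)
{
    char exportname[BUF_SIZE];
    memset(exportname, 'X', sizeof exportname);
    strncpy(exportname, outname, COPY_LEN);
    exportname[COPY_LEN] = '\0';         /* index 17 lies inside the 32-byte buffer */
    *truncated = strlen(outname) > COPY_LEN;
    return bounded_len(exportname, sizeof exportname);
}

int main(void)
{
    const char *exact = "abcdefghijklmnopq"; /* constructed: exactly COPY_LEN chars */
    int truncated;
    printf("short, unterminated copy: %zu\n", copy_unterminated("out.tif"));
    printf("exact, unterminated copy: %zu (== BUF_SIZE, no NUL)\n",
           copy_unterminated(exact));
    printf("exact, terminated copy:   %zu\n", copy_terminated(exact, &truncated));
    return 0;
}
```

A short name is safe only because `strncpy()` pads the remainder with NUL bytes; once the source reaches `COPY_LEN` characters, the unterminated variant leaves the terminator to whatever bytes already follow in the buffer.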