- 2010.07.08 18:03 "Re: [Tiff] strlcpy vs strncpy", by Lee Howard
-
2010.07.08 18:06 "Re: [Tiff] strlcpy vs strncpy", by Olivier Paquet
- 2010.07.11 17:36 "Re: [Tiff] strlcpy vs strncpy", by Edward Lam
-
2010.08.06 18:21 "Re: [Tiff] tiff4 on 32-bit Windows", by Toby Thain
-
2010.08.06 15:05 "[Tiff] tiff4 on 32-bit Windows", by John
- 2010.08.06 15:21 "Re: [Tiff] tiff4 on 32-bit Windows", by Bob Friesenhahn
- 2010.08.06 15:37 "Re: [Tiff] tiff4 on 32-bit Windows", by Olivier Paquet
- 2010.08.07 06:34 "[Tiff] tiffcp crashes on planar to strip conversion for < 8 bit", by Andreas Kleinert
-
2010.08.06 15:05 "[Tiff] tiff4 on 32-bit Windows", by John
- 2010.07.10 11:04 "Re: [Tiff] strlcpy vs strncpy", by Albert Cahalan
- 2010.07.12 17:34 "Re: [Tiff] strlcpy vs strncpy", by Dmitry V. Levin
- 2010.08.02 19:47 "Re: [Tiff] BigTIFF Support in LibTiff", by Gajera Tejas
- 2010.08.19 17:18 "[Tiff] tiff2ps page sizing options", by Richard Nolde
2010.07.12 20:31 "Re: [Tiff] strncpy in tiffcrop", by Edward Lam
Richard Nolde wrote:
>> I only see problematic uses of strncpy in tiffcrop. The other uses of
>>
I'm usually pretty careful to make sure that the buffer is large enough to hold the original string plus the terminating NULL, but I'll check the code when I get a chance.
I must admit that I only took a cursory look at the code only to note whether we failed to NUL terminate after calling strncpy() so that it could very well be that tiffcrop's use of strncpy() is ok. I had more intended to point out that the other cases should be fine because we already NUL terminated immediately afterwards.
I'll just note that the problem with failing to NUL terminate after calling strncpy() is not that there might be insufficient memory. Let's take the first strncpy() call in tiffcrop.c's update_output_file() function as an example:
strncpy (exportname, outname, PATH_MAX - 15);
If strlen(outname) >= (PATH_MAX-15), then we will end up with a potentially unterminated exportname string (depending on the contents of the stack after PATH_MAX - 15 characters).
You may want to look at tiffcp as well (which I do not maintain).
I don't see any strcpy() or strncpy() calls in it although I did spot a a few fixed length char buffers that may or may not be handled properly. :)
Best Regards,
-Edward