Hi all,
the VMS-Compiler complained about an array overflow in gdd/dbMapper.cc (EPICS
R3.13.3).
line 1094: (function: mapGraphicGddToEnum() )

    strncpy(&(db->strs[i][0]),str[i].fixed_string,
            sizeof(aitFixedString));
    db->strs[i][sizeof(aitFixedString)-1u] = '\0';

db is of type dbr_gr_enum with db->strs[MAX_ENUM_STATES][MAX_ENUM_STRING_SIZE]
with MAX_ENUM_STATES = 16 and MAX_ENUM_STRING_SIZE = 26
aitFixedString is a char array of size AIT_FIXED_STRING_SIZE, which is defined
to be 40.
So strncpy may copy up to 40 characters into a char-array with length 26, which
could corrupt memory (especially if the enum array is filled up with 16
entries).
Same problem at line: 1117 (function: mapControlGddToEnum() )
Better is the following:

    strncpy(...,...,MAX_ENUM_STRING_SIZE);
    db->strs[i][MAX_ENUM_STRING_SIZE-1u] = '\0';

Jens
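
The size mismatch reported above, as an added example that is not part of the original post or the EPICS source: it computes how far the 40-byte size argument reaches past the last 26-byte row and shows a copy bounded by the destination row instead. The sizes are the ones quoted in the post; struct enum_demo, bytes_past_end() and copy_enum_strings() are hypothetical stand-ins.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Sizes as quoted in the post. The types are constructed stand-ins for this
   example, not the EPICS headers. */
#define MAX_ENUM_STATES       16
#define MAX_ENUM_STRING_SIZE  26
#define AIT_FIXED_STRING_SIZE 40

typedef struct { char fixed_string[AIT_FIXED_STRING_SIZE]; } aitFixedString;
struct enum_demo { char strs[MAX_ENUM_STATES][MAX_ENUM_STRING_SIZE]; };

/* Bytes that land beyond the end of strs[][] when n bytes are stored starting
   at row. strncpy always stores exactly n bytes: short sources are NUL-padded. */
size_t bytes_past_end(size_t row, size_t n)
{
    size_t total = (size_t)MAX_ENUM_STATES * MAX_ENUM_STRING_SIZE;
    size_t end = row * MAX_ENUM_STRING_SIZE + n;
    return end > total ? end - total : 0;
}

/* Bounded copy sized from the destination row. Returns how many strings were
   truncated, or -1 if count exceeds the number of rows. */
int copy_enum_strings(struct enum_demo *db, const aitFixedString *str, size_t count)
{
    int truncated = 0;
    if (count > MAX_ENUM_STATES) return -1;
    for (size_t i = 0; i < count; i++) {
        const size_t dst = sizeof db->strs[i];
        const char *src = str[i].fixed_string;
        const char *nul = memchr(src, '\0', AIT_FIXED_STRING_SIZE);
        size_t len = nul ? (size_t)(nul - src) : AIT_FIXED_STRING_SIZE;
        if (len >= dst) { len = dst - 1; truncated++; }
        memcpy(db->strs[i], src, len);
        memset(db->strs[i] + len, 0, dst - len);  /* row is always terminated */
    }
    return truncated;
}

int main(void)
{
    static aitFixedString src[MAX_ENUM_STATES];   /* constructed input */
    struct enum_demo db;
    memset(src[15].fixed_string, 'x', AIT_FIXED_STRING_SIZE);  /* no NUL */
    printf("overrun at row 15: %zu bytes\n", bytes_past_end(15, sizeof(aitFixedString)));
    printf("truncated: %d\n", copy_enum_strings(&db, src, MAX_ENUM_STATES));
    return 0;
}
```

Because strncpy pads the destination with NULs up to the size argument, the out-of-bounds write in the reported code does not depend on how long the enum string actually is.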