:: Bug Reports

The time is now Thursday, April 7th, 2022, 12:25pm


		Forum Index :: Bug Reports :: EnergyMech 2 - long standing bug found in function sockread - copy overlapping string :: Reply to this topic

Author
agonizer		Posted :: 10:19pm, Sun, Aug 28, 2011 Subject :: EnergyMech 2 - long standing bug found in function sockread - copy overlapping string

Posts: 54		Perhaps there's someone alive who's interested: In all current emech-2 versions (afaik) the function sockread (see src/socket.c) may cause string corruption as strcpy is not allowed for copying overlapping strings. Usually it works, but on a modern computer (core2quad 64 bit, gentoo) there may be mplementations of strcopy which rely on the fact that source and destination string must not overlap. In fact i found, that the String "UserShare" has been modified to "UrerShare" and "activate" to "activete". Was fun to catch the error :) char sockread(int s, char rest, char line) { char tmp[MSGLEN]; char pt,tp; int l; pt = rest; while(pt) { if ((pt == '\n') \|\| (pt == '\r')) { pt = 0; strcpy(line,rest); pt++; while((pt == '\n') \|\| (pt == '\r')) pt++; / ERROR: strcpy -> dest and source MUST NOT overlap, see manpage! * And i got caught by an error where this shit modified the buffer * so that "UserShare" was "UrerShare", or "activate" was "activete". * (on gentoo x64) / / NO NO NO NO strcpy(rest,pt); NO NO NO NO / tp = rest; while((tp = *pt)) { tp++; pt++; }
proton		Posted :: 5:11am, Thu, Sep 22, 2011

Posts: 165		might be a problem with old libc, strcpy string integrity should be implicit, if it fails its a bad libc implementation...
agonizer		Posted :: 3:43pm, Tue, Nov 15, 2011

Posts: 54		For memcpy overlapping is ok, but for str(n)cpy the behaviour is undefined and may result in string corruption.