----------------------------------------------------------------------------------
@MSGID: 2@dont-email.me> 1042da04
@REPLY: <ygaedizitb9.fsf@akutech.de> bf8db041
@REPLYADDR The Natural Philosopher
<tnp@invalid.invalid>
@REPLYTO 2:5075/128 The Natural Philosopher
@CHRS: CP866 2
@RFC: 1 0
@RFC-Message-ID: 2@dont-email.me>
@RFC-References: 1@dont-email.me>
<ygamsxoixhx.fsf@akutech.de> 4@dont-email.me> <ygail8biyxm.fsf@akutech.de>
1@dont-email.me> <ygaedizitb9.fsf@akutech.de>
@TZUTC: 0100
@PID: Mozilla/5.0 (X11; Linux x86_64; rv:102.0)
Gecko/20100101 Thunderbird/102.15.1
@TID: FIDOGATE-5.12-ge4e8b94
On 15/09/2023 12:12, Ralf Fassel wrote:
> You trust the contents of `outside`-files very much, do you? ;-)
> I don`t know who can create files in the directory you`re scanning, but
> not *assuring* the input you expect is another possible cause for
> problems...
>
> * The Natural Philosopher <
tnp@invalid.invalid>
> | > Further possibilities:
> | > - how is `filbuf` used after the fread()? If you use it as C-string, make
> | > sure it is 0-terminated (fread() won`t do that for you). Maybe use
> | > fgets(3) instead?
> | >
> | dir = opendir(VOLATILE_DIR);
>>
> | if(!dir)
> | return;
> | while ((dp = readdir (dir)) != NULL)
> [looks good, error checks for stat() et al couldn`t hurt]
> --
--
> | if(len=strncmp(filbuf,"ZONE",4)) //supposed to reject
> | a file whose contents do not start with ZONE
> | goto baddata;
> |
> | // looking very much like a temperature file
> | i=(int)filbuf[4] -`1`; // this is our zone from
> | "ZONE2" etc. 1-4 is zone but index is 0-3 so subtract
> | `1`
>
> The access of filbuf[4] is ok (since you checked that there are at least
> 4 characters in the file), but what if nothing follows after the `ZONE`,
> or ZONE is followed by anything but [1-4]?
That cannot happen. Its hard wired into the code that writes the file
> => Assert that `i` is in the valid index range here, before using it as
> index into other arrays.
>
> | p=strstr(filbuf,"
");
> | if(p)
> | {
> | p++;
> | if(q=strstr(p,"
"))
> | {
> | *q++=0;
> | thermometers[i].name=strdup(p); //
> | make a copy of the name and attach it
> | to our thermometer structure
>
> Memory leak if thermometers[i].name already contains something.
>
further up the line...
bzero(filbuf,sizeof(filbuf));
/** first thing to do is clean any allocated memory used to store
values. **/
for(i=0;i
free(thermometers[i].name);
> Other than that, I really would have it running under a debugger or
> valgrind, since then *if* it crashes, you *know* *where* in your code it
> crashes.
>
Last resort. I have to learn how to *use* those tools.
Right now I am working on other stuff and am content to change one thing
at a time to see if that makes any difference.
That is a low user time strategy.
> Good luck hunting!
> R`
Thank you. The input has been valuable. And I now have further
strategies in reserve.
As with all intermittent faults, the thing you need most is a reliable
way to make the fault occur.
--
"The great thing about Glasgow is that if there`s a nuclear attack it`ll
look exactly the same afterwards."
Billy Connolly
--- Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101
Thunderbird/102.15.1
* Origin: A little, after lunch (2:5075/128)
SEEN-BY: 5001/100 5005/49 5015/255 5019/40 5020/715
848 1042 4441 12000
SEEN-BY: 5030/49 1081 5058/104 5075/128
@PATH: 5075/128 5020/1042 4441