diff options
Diffstat (limited to 'apps')
-rw-r--r-- | apps/tagcache.c | 102 |
1 files changed, 70 insertions, 32 deletions
diff --git a/apps/tagcache.c b/apps/tagcache.c index 4c09336641..f8b5a55321 100644 --- a/apps/tagcache.c +++ b/apps/tagcache.c | |||
@@ -363,12 +363,13 @@ static int open_tag_fd(struct tagcache_header *hdr, int tag, bool write) | |||
363 | { | 363 | { |
364 | int fd; | 364 | int fd; |
365 | char buf[MAX_PATH]; | 365 | char buf[MAX_PATH]; |
366 | const int bufsz = sizeof(buf); | ||
366 | int rc; | 367 | int rc; |
367 | 368 | ||
368 | if (TAGCACHE_IS_NUMERIC(tag) || tag < 0 || tag >= TAG_COUNT) | 369 | if (TAGCACHE_IS_NUMERIC(tag) || tag < 0 || tag >= TAG_COUNT) |
369 | return -1; | 370 | return -1; |
370 | 371 | ||
371 | snprintf(buf, sizeof buf, TAGCACHE_FILE_INDEX, tag); | 372 | snprintf(buf, bufsz, TAGCACHE_FILE_INDEX, tag); |
372 | 373 | ||
373 | fd = open(buf, write ? O_RDWR : O_RDONLY); | 374 | fd = open(buf, write ? O_RDWR : O_RDONLY); |
374 | if (fd < 0) | 375 | if (fd < 0) |
@@ -508,6 +509,7 @@ static long find_entry_disk(const char *filename_raw, bool localfd) | |||
508 | struct tagfile_entry tfe; | 509 | struct tagfile_entry tfe; |
509 | int fd; | 510 | int fd; |
510 | char buf[TAG_MAXLEN+32]; | 511 | char buf[TAG_MAXLEN+32]; |
512 | const long bufsz = sizeof(buf); | ||
511 | int i; | 513 | int i; |
512 | int pos = -1; | 514 | int pos = -1; |
513 | 515 | ||
@@ -549,7 +551,7 @@ static long find_entry_disk(const char *filename_raw, bool localfd) | |||
549 | break ; | 551 | break ; |
550 | } | 552 | } |
551 | 553 | ||
552 | if (tfe.tag_length >= (long)sizeof(buf)) | 554 | if (tfe.tag_length >= bufsz) |
553 | { | 555 | { |
554 | logf("too long tag #1"); | 556 | logf("too long tag #1"); |
555 | close(fd); | 557 | close(fd); |
@@ -568,6 +570,7 @@ static long find_entry_disk(const char *filename_raw, bool localfd) | |||
568 | last_pos = -1; | 570 | last_pos = -1; |
569 | return -3; | 571 | return -3; |
570 | } | 572 | } |
573 | buf[tfe.tag_length] = '\0'; | ||
571 | 574 | ||
572 | if (!strcmp(filename, buf)) | 575 | if (!strcmp(filename, buf)) |
573 | { | 576 | { |
@@ -1056,6 +1059,7 @@ static bool check_clauses(struct tagcache_search *tcs, | |||
1056 | { | 1059 | { |
1057 | int seek; | 1060 | int seek; |
1058 | char buf[256]; | 1061 | char buf[256]; |
1062 | const int bufsz = sizeof(buf); | ||
1059 | char *str = buf; | 1063 | char *str = buf; |
1060 | struct tagcache_search_clause *clause = clauses[i]; | 1064 | struct tagcache_search_clause *clause = clauses[i]; |
1061 | 1065 | ||
@@ -1076,7 +1080,7 @@ static bool check_clauses(struct tagcache_search *tcs, | |||
1076 | || clause->tag == tag_virt_basename) | 1080 | || clause->tag == tag_virt_basename) |
1077 | { | 1081 | { |
1078 | retrieve(tcs, IF_DIRCACHE(tcs->idx_id,) idx, tag_filename, | 1082 | retrieve(tcs, IF_DIRCACHE(tcs->idx_id,) idx, tag_filename, |
1079 | buf, sizeof buf); | 1083 | buf, bufsz); |
1080 | } | 1084 | } |
1081 | else | 1085 | else |
1082 | { | 1086 | { |
@@ -1102,13 +1106,18 @@ static bool check_clauses(struct tagcache_search *tcs, | |||
1102 | int fd = tcs->idxfd[tag]; | 1106 | int fd = tcs->idxfd[tag]; |
1103 | lseek(fd, seek, SEEK_SET); | 1107 | lseek(fd, seek, SEEK_SET); |
1104 | ecread_tagfile_entry(fd, &tfe); | 1108 | ecread_tagfile_entry(fd, &tfe); |
1105 | if (tfe.tag_length >= (int)sizeof(buf)) | 1109 | if (tfe.tag_length >= bufsz) |
1106 | { | 1110 | { |
1107 | logf("Too long tag read!"); | 1111 | logf("Too long tag read!"); |
1108 | return false; | 1112 | return false; |
1109 | } | 1113 | } |
1110 | 1114 | ||
1111 | read(fd, str, tfe.tag_length); | 1115 | if (read(fd, str, tfe.tag_length)!= tfe.tag_length) |
1116 | { | ||
1117 | logf("read error #15"); | ||
1118 | return false; | ||
1119 | } | ||
1120 | |||
1112 | str[tfe.tag_length] = '\0'; | 1121 | str[tfe.tag_length] = '\0'; |
1113 | 1122 | ||
1114 | /* Check if entry has been deleted. */ | 1123 | /* Check if entry has been deleted. */ |
@@ -1303,7 +1312,8 @@ static void remove_files(void) | |||
1303 | { | 1312 | { |
1304 | int i; | 1313 | int i; |
1305 | char buf[MAX_PATH]; | 1314 | char buf[MAX_PATH]; |
1306 | 1315 | const int bufsz = sizeof(buf); | |
1316 | |||
1307 | tc_stat.ready = false; | 1317 | tc_stat.ready = false; |
1308 | tc_stat.ramcache = false; | 1318 | tc_stat.ramcache = false; |
1309 | tc_stat.econ = false; | 1319 | tc_stat.econ = false; |
@@ -1313,7 +1323,7 @@ static void remove_files(void) | |||
1313 | if (TAGCACHE_IS_NUMERIC(i)) | 1323 | if (TAGCACHE_IS_NUMERIC(i)) |
1314 | continue; | 1324 | continue; |
1315 | 1325 | ||
1316 | snprintf(buf, sizeof buf, TAGCACHE_FILE_INDEX, i); | 1326 | snprintf(buf, bufsz, TAGCACHE_FILE_INDEX, i); |
1317 | remove(buf); | 1327 | remove(buf); |
1318 | } | 1328 | } |
1319 | } | 1329 | } |
@@ -1463,8 +1473,9 @@ bool tagcache_search_add_clause(struct tagcache_search *tcs, | |||
1463 | if (!TAGCACHE_IS_NUMERIC(clause->tag) && tcs->idxfd[clause->tag] < 0) | 1473 | if (!TAGCACHE_IS_NUMERIC(clause->tag) && tcs->idxfd[clause->tag] < 0) |
1464 | { | 1474 | { |
1465 | char buf[MAX_PATH]; | 1475 | char buf[MAX_PATH]; |
1466 | 1476 | const int bufsz = sizeof(buf); | |
1467 | snprintf(buf, sizeof buf, TAGCACHE_FILE_INDEX, clause->tag); | 1477 | |
1478 | snprintf(buf, bufsz, TAGCACHE_FILE_INDEX, clause->tag); | ||
1468 | tcs->idxfd[clause->tag] = open(buf, O_RDONLY); | 1479 | tcs->idxfd[clause->tag] = open(buf, O_RDONLY); |
1469 | } | 1480 | } |
1470 | } | 1481 | } |
@@ -1477,7 +1488,9 @@ bool tagcache_search_add_clause(struct tagcache_search *tcs, | |||
1477 | 1488 | ||
1478 | static bool get_next(struct tagcache_search *tcs) | 1489 | static bool get_next(struct tagcache_search *tcs) |
1479 | { | 1490 | { |
1491 | /* WARNING pointers into buf are used in outside functions */ | ||
1480 | static char buf[TAG_MAXLEN+32]; | 1492 | static char buf[TAG_MAXLEN+32]; |
1493 | const int bufsz = sizeof(buf); | ||
1481 | struct tagfile_entry entry; | 1494 | struct tagfile_entry entry; |
1482 | #if defined(HAVE_TC_RAMCACHE) && defined(HAVE_DIRCACHE) | 1495 | #if defined(HAVE_TC_RAMCACHE) && defined(HAVE_DIRCACHE) |
1483 | long flag = 0; | 1496 | long flag = 0; |
@@ -1540,7 +1553,7 @@ static bool get_next(struct tagcache_search *tcs) | |||
1540 | 1553 | ||
1541 | if (TAGCACHE_IS_NUMERIC(tcs->type)) | 1554 | if (TAGCACHE_IS_NUMERIC(tcs->type)) |
1542 | { | 1555 | { |
1543 | snprintf(buf, sizeof(buf), "%ld", tcs->position); | 1556 | snprintf(buf, bufsz, "%ld", tcs->position); |
1544 | tcs->result = buf; | 1557 | tcs->result = buf; |
1545 | tcs->result_len = strlen(buf) + 1; | 1558 | tcs->result_len = strlen(buf) + 1; |
1546 | return true; | 1559 | return true; |
@@ -1600,8 +1613,8 @@ static bool get_next(struct tagcache_search *tcs) | |||
1600 | tcs->valid = false; | 1613 | tcs->valid = false; |
1601 | return false; | 1614 | return false; |
1602 | } | 1615 | } |
1603 | 1616 | ||
1604 | if (entry.tag_length > (long)sizeof(buf)) | 1617 | if (entry.tag_length > (long)bufsz) |
1605 | { | 1618 | { |
1606 | tcs->valid = false; | 1619 | tcs->valid = false; |
1607 | logf("too long tag #2"); | 1620 | logf("too long tag #2"); |
@@ -1621,6 +1634,7 @@ static bool get_next(struct tagcache_search *tcs) | |||
1621 | if filters or clauses are being used). | 1634 | if filters or clauses are being used). |
1622 | */ | 1635 | */ |
1623 | tcs->position += sizeof(struct tagfile_entry) + entry.tag_length; | 1636 | tcs->position += sizeof(struct tagfile_entry) + entry.tag_length; |
1637 | buf[entry.tag_length] = '\0'; | ||
1624 | tcs->result = buf; | 1638 | tcs->result = buf; |
1625 | tcs->result_len = strlen(tcs->result) + 1; | 1639 | tcs->result_len = strlen(tcs->result) + 1; |
1626 | tcs->idx_id = entry.idx_id; | 1640 | tcs->idx_id = entry.idx_id; |
@@ -2014,8 +2028,9 @@ static bool tempbuf_insert(char *str, int id, int idx_id, bool unique) | |||
2014 | unsigned crc32; | 2028 | unsigned crc32; |
2015 | unsigned *crcbuf = (unsigned *)&tempbuf[tempbuf_size-4]; | 2029 | unsigned *crcbuf = (unsigned *)&tempbuf[tempbuf_size-4]; |
2016 | char buf[TAG_MAXLEN+32]; | 2030 | char buf[TAG_MAXLEN+32]; |
2017 | 2031 | const int bufsz = sizeof(buf); | |
2018 | for (i = 0; str[i] != '\0' && i < (int)sizeof(buf)-1; i++) | 2032 | |
2033 | for (i = 0; str[i] != '\0' && i < bufsz-1; i++) | ||
2019 | buf[i] = tolower(str[i]); | 2034 | buf[i] = tolower(str[i]); |
2020 | buf[i] = '\0'; | 2035 | buf[i] = '\0'; |
2021 | 2036 | ||
@@ -2227,7 +2242,9 @@ static bool build_numeric_indices(struct tagcache_header *h, int tmpfd) | |||
2227 | int max_entries; | 2242 | int max_entries; |
2228 | int entries_processed = 0; | 2243 | int entries_processed = 0; |
2229 | int i, j; | 2244 | int i, j; |
2230 | char buf[TAG_MAXLEN]; | 2245 | |
2246 | char buf[TAG_MAXLEN + 32]; | ||
2247 | const int bufsz = sizeof(buf); | ||
2231 | 2248 | ||
2232 | max_entries = tempbuf_size / sizeof(struct temp_file_entry) - 1; | 2249 | max_entries = tempbuf_size / sizeof(struct temp_file_entry) - 1; |
2233 | 2250 | ||
@@ -2279,7 +2296,7 @@ static bool build_numeric_indices(struct tagcache_header *h, int tmpfd) | |||
2279 | */ | 2296 | */ |
2280 | #define tmpdb_read_string_tag(tag) \ | 2297 | #define tmpdb_read_string_tag(tag) \ |
2281 | lseek(tmpfd, tfe->tag_offset[tag], SEEK_CUR); \ | 2298 | lseek(tmpfd, tfe->tag_offset[tag], SEEK_CUR); \ |
2282 | if ((unsigned long)tfe->tag_length[tag] > sizeof buf) \ | 2299 | if ((unsigned long)tfe->tag_length[tag] > (unsigned long)bufsz) \ |
2283 | { \ | 2300 | { \ |
2284 | logf("read fail: buffer overflow"); \ | 2301 | logf("read fail: buffer overflow"); \ |
2285 | close(masterfd); \ | 2302 | close(masterfd); \ |
@@ -2293,6 +2310,7 @@ static bool build_numeric_indices(struct tagcache_header *h, int tmpfd) | |||
2293 | close(masterfd); \ | 2310 | close(masterfd); \ |
2294 | return false; \ | 2311 | return false; \ |
2295 | } \ | 2312 | } \ |
2313 | buf[tfe->tag_length[tag]] = '\0'; \ | ||
2296 | \ | 2314 | \ |
2297 | tfe->tag_offset[tag] = crc_32(buf, strlen(buf), 0xffffffff); \ | 2315 | tfe->tag_offset[tag] = crc_32(buf, strlen(buf), 0xffffffff); \ |
2298 | lseek(tmpfd, datastart, SEEK_SET) | 2316 | lseek(tmpfd, datastart, SEEK_SET) |
@@ -2467,6 +2485,7 @@ static int build_index(int index_type, struct tagcache_header *h, int tmpfd) | |||
2467 | struct index_entry idxbuf[IDX_BUF_DEPTH]; | 2485 | struct index_entry idxbuf[IDX_BUF_DEPTH]; |
2468 | int idxbuf_pos; | 2486 | int idxbuf_pos; |
2469 | char buf[TAG_MAXLEN+32]; | 2487 | char buf[TAG_MAXLEN+32]; |
2488 | const long bufsz = sizeof(buf); | ||
2470 | int fd = -1, masterfd; | 2489 | int fd = -1, masterfd; |
2471 | bool error = false; | 2490 | bool error = false; |
2472 | int init; | 2491 | int init; |
@@ -2543,6 +2562,7 @@ static int build_index(int index_type, struct tagcache_header *h, int tmpfd) | |||
2543 | if (tempbuf_left - TAGFILE_ENTRY_AVG_LENGTH * commit_entry_count < 0) | 2562 | if (tempbuf_left - TAGFILE_ENTRY_AVG_LENGTH * commit_entry_count < 0) |
2544 | { | 2563 | { |
2545 | logf("Buffer way too small!"); | 2564 | logf("Buffer way too small!"); |
2565 | close(fd); | ||
2546 | return 0; | 2566 | return 0; |
2547 | } | 2567 | } |
2548 | 2568 | ||
@@ -2569,7 +2589,7 @@ static int build_index(int index_type, struct tagcache_header *h, int tmpfd) | |||
2569 | return -2; | 2589 | return -2; |
2570 | } | 2590 | } |
2571 | 2591 | ||
2572 | if (entry.tag_length >= (int)sizeof(buf)) | 2592 | if (entry.tag_length >= bufsz) |
2573 | { | 2593 | { |
2574 | logf("too long tag #3"); | 2594 | logf("too long tag #3"); |
2575 | close(fd); | 2595 | close(fd); |
@@ -2582,7 +2602,7 @@ static int build_index(int index_type, struct tagcache_header *h, int tmpfd) | |||
2582 | close(fd); | 2602 | close(fd); |
2583 | return -2; | 2603 | return -2; |
2584 | } | 2604 | } |
2585 | 2605 | buf[entry.tag_length] = '\0'; | |
2586 | /* Skip deleted entries. */ | 2606 | /* Skip deleted entries. */ |
2587 | if (buf[0] == '\0') | 2607 | if (buf[0] == '\0') |
2588 | continue; | 2608 | continue; |
@@ -2613,7 +2633,7 @@ static int build_index(int index_type, struct tagcache_header *h, int tmpfd) | |||
2613 | * Creating new index file to store the tags. No need to preload | 2633 | * Creating new index file to store the tags. No need to preload |
2614 | * anything whether the index type is sorted or not. | 2634 | * anything whether the index type is sorted or not. |
2615 | */ | 2635 | */ |
2616 | snprintf(buf, sizeof buf, TAGCACHE_FILE_INDEX, index_type); | 2636 | snprintf(buf, bufsz, TAGCACHE_FILE_INDEX, index_type); |
2617 | fd = open(buf, O_WRONLY | O_CREAT | O_TRUNC, 0666); | 2637 | fd = open(buf, O_WRONLY | O_CREAT | O_TRUNC, 0666); |
2618 | if (fd < 0) | 2638 | if (fd < 0) |
2619 | { | 2639 | { |
@@ -2715,7 +2735,7 @@ static int build_index(int index_type, struct tagcache_header *h, int tmpfd) | |||
2715 | } | 2735 | } |
2716 | 2736 | ||
2717 | /* Read data. */ | 2737 | /* Read data. */ |
2718 | if (entry.tag_length[index_type] >= (long)sizeof(buf)) | 2738 | if (entry.tag_length[index_type] >= (long)bufsz) |
2719 | { | 2739 | { |
2720 | logf("too long entry!"); | 2740 | logf("too long entry!"); |
2721 | error = true; | 2741 | error = true; |
@@ -2730,6 +2750,7 @@ static int build_index(int index_type, struct tagcache_header *h, int tmpfd) | |||
2730 | error = true; | 2750 | error = true; |
2731 | goto error_exit; | 2751 | goto error_exit; |
2732 | } | 2752 | } |
2753 | buf[entry.tag_length[index_type]] = '\0'; | ||
2733 | 2754 | ||
2734 | if (TAGCACHE_IS_UNIQUE(index_type)) | 2755 | if (TAGCACHE_IS_UNIQUE(index_type)) |
2735 | error = !tempbuf_insert(buf, i, -1, true); | 2756 | error = !tempbuf_insert(buf, i, -1, true); |
@@ -3306,9 +3327,11 @@ void tagcache_update_numeric(int idx_id, int tag, long data) | |||
3306 | static bool write_tag(int fd, const char *tagstr, const char *datastr) | 3327 | static bool write_tag(int fd, const char *tagstr, const char *datastr) |
3307 | { | 3328 | { |
3308 | char buf[512]; | 3329 | char buf[512]; |
3330 | const int bufsz = sizeof(buf); | ||
3309 | int i; | 3331 | int i; |
3310 | 3332 | ||
3311 | snprintf(buf, sizeof buf, "%s=\"", tagstr); | 3333 | snprintf(buf, bufsz, "%s=\"", tagstr); |
3334 | |||
3312 | for (i = strlen(buf); i < (long)sizeof(buf)-4; i++) | 3335 | for (i = strlen(buf); i < (long)sizeof(buf)-4; i++) |
3313 | { | 3336 | { |
3314 | if (*datastr == '\0') | 3337 | if (*datastr == '\0') |
@@ -3327,7 +3350,8 @@ static bool write_tag(int fd, const char *tagstr, const char *datastr) | |||
3327 | buf[i] = *(datastr++); | 3350 | buf[i] = *(datastr++); |
3328 | } | 3351 | } |
3329 | 3352 | ||
3330 | strcpy(&buf[i], "\" "); | 3353 | buf[bufsz - 1] = '\0'; |
3354 | strlcpy(&buf[i], "\" ", (bufsz - i - 1)); | ||
3331 | 3355 | ||
3332 | write(fd, buf, i + 2); | 3356 | write(fd, buf, i + 2); |
3333 | 3357 | ||
@@ -3487,6 +3511,7 @@ bool tagcache_import_changelog(void) | |||
3487 | int clfd; | 3511 | int clfd; |
3488 | long masterfd; | 3512 | long masterfd; |
3489 | char buf[2048]; | 3513 | char buf[2048]; |
3514 | const int bufsz = sizeof(buf); | ||
3490 | 3515 | ||
3491 | if (!tc_stat.ready) | 3516 | if (!tc_stat.ready) |
3492 | return false; | 3517 | return false; |
@@ -3510,8 +3535,8 @@ bool tagcache_import_changelog(void) | |||
3510 | write_lock++; | 3535 | write_lock++; |
3511 | 3536 | ||
3512 | filenametag_fd = open_tag_fd(&tch, tag_filename, false); | 3537 | filenametag_fd = open_tag_fd(&tch, tag_filename, false); |
3513 | 3538 | ||
3514 | fast_readline(clfd, buf, sizeof buf, (void *)(intptr_t)masterfd, | 3539 | fast_readline(clfd, buf, bufsz, (void *)(intptr_t)masterfd, |
3515 | parse_changelog_line); | 3540 | parse_changelog_line); |
3516 | 3541 | ||
3517 | close(clfd); | 3542 | close(clfd); |
@@ -3537,6 +3562,7 @@ bool tagcache_create_changelog(struct tagcache_search *tcs) | |||
3537 | struct master_header myhdr; | 3562 | struct master_header myhdr; |
3538 | struct index_entry idx; | 3563 | struct index_entry idx; |
3539 | char buf[TAG_MAXLEN+32]; | 3564 | char buf[TAG_MAXLEN+32]; |
3565 | const int bufsz = sizeof(buf); | ||
3540 | char temp[32]; | 3566 | char temp[32]; |
3541 | int clfd; | 3567 | int clfd; |
3542 | int i, j; | 3568 | int i, j; |
@@ -3600,7 +3626,7 @@ bool tagcache_create_changelog(struct tagcache_search *tcs) | |||
3600 | } | 3626 | } |
3601 | 3627 | ||
3602 | tcs->type = j; | 3628 | tcs->type = j; |
3603 | tagcache_retrieve(tcs, i, tcs->type, buf, sizeof buf); | 3629 | tagcache_retrieve(tcs, i, tcs->type, buf, bufsz); |
3604 | write_tag(clfd, tagcache_tag_to_str(j), buf); | 3630 | write_tag(clfd, tagcache_tag_to_str(j), buf); |
3605 | } | 3631 | } |
3606 | 3632 | ||
@@ -3623,6 +3649,7 @@ static bool delete_entry(long idx_id) | |||
3623 | struct index_entry idx, myidx; | 3649 | struct index_entry idx, myidx; |
3624 | struct master_header myhdr; | 3650 | struct master_header myhdr; |
3625 | char buf[TAG_MAXLEN+32]; | 3651 | char buf[TAG_MAXLEN+32]; |
3652 | const int bufsz = sizeof(buf); | ||
3626 | int in_use[TAG_COUNT]; | 3653 | int in_use[TAG_COUNT]; |
3627 | 3654 | ||
3628 | logf("delete_entry(): %ld", idx_id); | 3655 | logf("delete_entry(): %ld", idx_id); |
@@ -3737,11 +3764,18 @@ static bool delete_entry(long idx_id) | |||
3737 | goto cleanup; | 3764 | goto cleanup; |
3738 | } | 3765 | } |
3739 | 3766 | ||
3767 | if (tfe.tag_length >= (long)bufsz) | ||
3768 | { | ||
3769 | logf("too long tag #4"); | ||
3770 | goto cleanup; | ||
3771 | } | ||
3772 | |||
3740 | if (read(fd, buf, tfe.tag_length) != tfe.tag_length) | 3773 | if (read(fd, buf, tfe.tag_length) != tfe.tag_length) |
3741 | { | 3774 | { |
3742 | logf("delete_entry(): read error #4"); | 3775 | logf("delete_entry(): read error #4"); |
3743 | goto cleanup; | 3776 | goto cleanup; |
3744 | } | 3777 | } |
3778 | buf[tfe.tag_length] = '\0'; | ||
3745 | 3779 | ||
3746 | myidx.tag_seek[tag] = crc_32(buf, strlen(buf), 0xffffffff); | 3780 | myidx.tag_seek[tag] = crc_32(buf, strlen(buf), 0xffffffff); |
3747 | } | 3781 | } |
@@ -4254,10 +4288,11 @@ static bool check_deleted_files(void) | |||
4254 | { | 4288 | { |
4255 | int fd; | 4289 | int fd; |
4256 | char buf[TAG_MAXLEN+32]; | 4290 | char buf[TAG_MAXLEN+32]; |
4291 | const int bufsz = sizeof(buf); | ||
4257 | struct tagfile_entry tfe; | 4292 | struct tagfile_entry tfe; |
4258 | 4293 | ||
4259 | logf("reverse scan..."); | 4294 | logf("reverse scan..."); |
4260 | snprintf(buf, sizeof buf, TAGCACHE_FILE_INDEX, tag_filename); | 4295 | snprintf(buf, bufsz, TAGCACHE_FILE_INDEX, tag_filename); |
4261 | fd = open(buf, O_RDONLY); | 4296 | fd = open(buf, O_RDONLY); |
4262 | 4297 | ||
4263 | if (fd < 0) | 4298 | if (fd < 0) |
@@ -4270,7 +4305,7 @@ static bool check_deleted_files(void) | |||
4270 | while (ecread_tagfile_entry(fd, &tfe) == sizeof(struct tagfile_entry) | 4305 | while (ecread_tagfile_entry(fd, &tfe) == sizeof(struct tagfile_entry) |
4271 | && !check_event_queue()) | 4306 | && !check_event_queue()) |
4272 | { | 4307 | { |
4273 | if (tfe.tag_length >= (long)sizeof(buf)-1) | 4308 | if (tfe.tag_length >= (long)bufsz-1) |
4274 | { | 4309 | { |
4275 | logf("too long tag"); | 4310 | logf("too long tag"); |
4276 | close(fd); | 4311 | close(fd); |
@@ -4283,6 +4318,7 @@ static bool check_deleted_files(void) | |||
4283 | close(fd); | 4318 | close(fd); |
4284 | return false; | 4319 | return false; |
4285 | } | 4320 | } |
4321 | buf[tfe.tag_length] = '\0'; | ||
4286 | 4322 | ||
4287 | /* Check if the file has already deleted from the db. */ | 4323 | /* Check if the file has already deleted from the db. */ |
4288 | if (*buf == '\0') | 4324 | if (*buf == '\0') |
@@ -4314,12 +4350,13 @@ static void NO_INLINE check_ignore(const char *dirname, | |||
4314 | int *ignore, int *unignore) | 4350 | int *ignore, int *unignore) |
4315 | { | 4351 | { |
4316 | char newpath[MAX_PATH]; | 4352 | char newpath[MAX_PATH]; |
4353 | const int bufsz = sizeof(newpath); | ||
4317 | 4354 | ||
4318 | /* check for a database.ignore file */ | 4355 | /* check for a database.ignore file */ |
4319 | snprintf(newpath, MAX_PATH, "%s/database.ignore", dirname); | 4356 | snprintf(newpath, bufsz, "%s/database.ignore", dirname); |
4320 | *ignore = file_exists(newpath); | 4357 | *ignore = file_exists(newpath); |
4321 | /* check for a database.unignore file */ | 4358 | /* check for a database.unignore file */ |
4322 | snprintf(newpath, MAX_PATH, "%s/database.unignore", dirname); | 4359 | snprintf(newpath, bufsz, "%s/database.unignore", dirname); |
4323 | *unignore = file_exists(newpath); | 4360 | *unignore = file_exists(newpath); |
4324 | } | 4361 | } |
4325 | 4362 | ||
@@ -4365,6 +4402,7 @@ static bool add_search_root(const char *name) | |||
4365 | #ifndef WIN32 | 4402 | #ifndef WIN32 |
4366 | struct search_roots_ll *this, *prev = NULL; | 4403 | struct search_roots_ll *this, *prev = NULL; |
4367 | char target[MAX_PATH]; | 4404 | char target[MAX_PATH]; |
4405 | const int target_bufsz = sizeof(target); | ||
4368 | /* Okay, realpath() is almost completely broken on android | 4406 | /* Okay, realpath() is almost completely broken on android |
4369 | * | 4407 | * |
4370 | * It doesn't accept NULL for resolved_name to dynamically allocate | 4408 | * It doesn't accept NULL for resolved_name to dynamically allocate |
@@ -4378,7 +4416,7 @@ static bool add_search_root(const char *name) | |||
4378 | static char abs_target[PATH_MAX]; | 4416 | static char abs_target[PATH_MAX]; |
4379 | ssize_t len; | 4417 | ssize_t len; |
4380 | 4418 | ||
4381 | len = readlink(name, target, sizeof(target)-1); | 4419 | len = readlink(name, target, target_bufsz-1); |
4382 | if (len < 0) | 4420 | if (len < 0) |
4383 | return false; | 4421 | return false; |
4384 | 4422 | ||
@@ -4396,7 +4434,7 @@ static bool add_search_root(const char *name) | |||
4396 | { | 4434 | { |
4397 | size_t len = strlen(abs_target) + 1; /* count \0 */ | 4435 | size_t len = strlen(abs_target) + 1; /* count \0 */ |
4398 | this = malloc(sizeof(struct search_roots_ll) + len ); | 4436 | this = malloc(sizeof(struct search_roots_ll) + len ); |
4399 | if (!this || len > MAX_PATH) | 4437 | if (!this || len > MIN(PATH_MAX, MAX_PATH)) |
4400 | { | 4438 | { |
4401 | logf("Error at adding a search root: %s", this ? "path too long":"OOM"); | 4439 | logf("Error at adding a search root: %s", this ? "path too long":"OOM"); |
4402 | free(this); | 4440 | free(this); |
@@ -4583,7 +4621,7 @@ void do_tagcache_build(const char *path[]) | |||
4583 | /* check_dir might add new roots */ | 4621 | /* check_dir might add new roots */ |
4584 | for(this = &roots_ll[0]; this; this = this->next) | 4622 | for(this = &roots_ll[0]; this; this = this->next) |
4585 | { | 4623 | { |
4586 | strcpy(curpath, this->path); | 4624 | strlcpy(curpath, this->path, sizeof(curpath)); |
4587 | ret = ret && check_dir(this->path, true); | 4625 | ret = ret && check_dir(this->path, true); |
4588 | } | 4626 | } |
4589 | free_search_roots(&roots_ll[0]); | 4627 | free_search_roots(&roots_ll[0]); |