Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix off-by-1 max file name len in dfp/dfr8 #706

Merged
merged 1 commit into from
Mar 29, 2024
Merged

Fix off-by-1 max file name len in dfp/dfr8 #706

merged 1 commit into from
Mar 29, 2024

Conversation

derobins
Copy link
Member

The "last file name" arrays in both dfp.c and dfr8.c can only hold DF_MAXFNLEN - 1 characters, so a file name of of length DF_MAXFNLEN (defined in hlimits.h) would be truncated.

This has little practical effect, as it's just used in a shortcut used when reopening files, but it's incorrect behavior and raises warnings. Other "last file" shortcut code uses correctly-sized arrays.

@derobins
Fix off-by-1 max file name len in dfp/dfr8
20b6f03 
The "last file name" arrays in both dfp.c and dfr8.c can only
hold DF_MAXFNLEN - 1 characters, so a file name of of length
DF_MAXFNLEN (defined in hlimits.h) would be truncated.

This has little practical effect, as it's just used in a shortcut
used when reopening files, but it's incorrect behavior and raises
warnings. Other "last file" shortcut code uses correctly-sized
arrays.
@derobins derobins added Component - C Library Core C library issues Type - Bug Please report security issues to help@hdfgroup.org instead of creating an issue on GitHub Priority - 2. Medium ⏹ It would be nice to have this in the next release labels Mar 29, 2024
derobins
derobins commented Mar 29, 2024
View reviewed changes
hdf/src/dfp.c
@@ -276,7 +276,7 @@ DFPnpals(const char *filename)
}

/* Get space to store the palette offsets */
if ((pal_off = (int32 *)malloc(npals * sizeof(int32))) == NULL)
if ((pal_off = (int32 *)malloc((size_t)npals * sizeof(int32))) == NULL)
HGOTO_ERROR(DFE_NOSPACE, FAIL);
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This was the only other warning in this file

@derobins derobins merged commit f1b34d1 into HDFGroup:master Mar 29, 2024
42 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bmribler bmribler bmribler approved these changes

@lrknox lrknox Awaiting requested review from lrknox lrknox is a code owner

@byrnHDF byrnHDF Awaiting requested review from byrnHDF byrnHDF is a code owner

@fortnern fortnern Awaiting requested review from fortnern fortnern is a code owner

@jhendersonHDF jhendersonHDF Awaiting requested review from jhendersonHDF jhendersonHDF is a code owner

@vchoi-hdfgroup vchoi-hdfgroup Awaiting requested review from vchoi-hdfgroup vchoi-hdfgroup is a code owner

@glennsong09 glennsong09 Awaiting requested review from glennsong09 glennsong09 is a code owner

@mattjala mattjala Awaiting requested review from mattjala mattjala is a code owner

@brtnfld brtnfld Awaiting requested review from brtnfld brtnfld is a code owner

@schwehr schwehr Awaiting requested review from schwehr schwehr is a code owner

Assignees
No one assigned
Labels
Component - C Library Core C library issues Priority - 2. Medium ⏹ It would be nice to have this in the next release Type - Bug Please report security issues to help@hdfgroup.org instead of creating an issue on GitHub
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@derobins @bmribler