Commit 67daf3de authored by Ralf Habacker's avatar Ralf Habacker
Browse files

Coverity check CID 268401: Copy into fixed size buffer (STRING_OVERFLOW)

You might overrun the 1024-character fixed-size string URL by copying the
return value of constData without checking the length.

We now use a QByteArray instance instead of a fixed char buffer.
parent ff066c14
...@@ -69,19 +69,8 @@ static xmlParserInputPtr xsltprocExternalEntityLoader(const char *_URL, const ch ...@@ -69,19 +69,8 @@ static xmlParserInputPtr xsltprocExternalEntityLoader(const char *_URL, const ch
qDebug() << "converted" << _URL << "to" << url; qDebug() << "converted" << _URL << "to" << url;
} }
} }
char URL[1024];
strcpy(URL,url.toLatin1().constData());
const char *lastsegment = URL; QByteArray URL = url.toLatin1();
const char *iter = URL;
if (nbpaths > 0) {
while (*iter != 0) {
if (*iter == '/')
lastsegment = iter + 1;
iter++;
}
}
if ((ctxt != NULL) && (ctxt->sax != NULL)) { if ((ctxt != NULL) && (ctxt->sax != NULL)) {
warning = ctxt->sax->warning; warning = ctxt->sax->warning;
...@@ -89,7 +78,7 @@ static xmlParserInputPtr xsltprocExternalEntityLoader(const char *_URL, const ch ...@@ -89,7 +78,7 @@ static xmlParserInputPtr xsltprocExternalEntityLoader(const char *_URL, const ch
} }
if (defaultEntityLoader != NULL) { if (defaultEntityLoader != NULL) {
ret = defaultEntityLoader(URL, ID, ctxt); ret = defaultEntityLoader(URL.constData(), ID, ctxt);
if (ret != NULL) { if (ret != NULL) {
if (warning != NULL) if (warning != NULL)
ctxt->sax->warning = warning; ctxt->sax->warning = warning;
...@@ -97,6 +86,10 @@ static xmlParserInputPtr xsltprocExternalEntityLoader(const char *_URL, const ch ...@@ -97,6 +86,10 @@ static xmlParserInputPtr xsltprocExternalEntityLoader(const char *_URL, const ch
return(ret); return(ret);
} }
} }
int j = URL.lastIndexOf("/");
const char *lastsegment = j > -1 ? URL.constData()+j+1 : URL.constData();
for (int i = 0;i < nbpaths;i++) { for (int i = 0;i < nbpaths;i++) {
xmlChar *newURL; xmlChar *newURL;
...@@ -117,8 +110,8 @@ static xmlParserInputPtr xsltprocExternalEntityLoader(const char *_URL, const ch ...@@ -117,8 +110,8 @@ static xmlParserInputPtr xsltprocExternalEntityLoader(const char *_URL, const ch
} }
if (warning != NULL) { if (warning != NULL) {
ctxt->sax->warning = warning; ctxt->sax->warning = warning;
if (URL != NULL) if (_URL != NULL)
warning(ctxt, "failed to load external entity \"%s\"\n", URL); warning(ctxt, "failed to load external entity \"%s\"\n", _URL);
else if (ID != NULL) else if (ID != NULL)
warning(ctxt, "failed to load external entity \"%s\"\n", ID); warning(ctxt, "failed to load external entity \"%s\"\n", ID);
} }
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment