[sword-devel] crashes with ciphering code

Joachim Ansorg nospam+sword-devel at joachim-ansorg.de
Mon Nov 27 14:21:49 MST 2006

>   zStr::getCompressedText calls
>  strcpy(*buf, cacheBlock->getEntry(entry));

My fix for this would be (without digging deep into the sources) in line 438 
of zstr.cpp: 
	strncpy(*buf, cacheBlock->getEntry(entry), size);

strcpy expects a \0-terminated string. If the deciphering with the wrong key 
creates a char* without a proper \0 this would result in an address out of 
bounds. So the fix is to make sure we just copy the number of bytes which are 
available in the cacheBlock.
I did not yet think whether a \0 has to explicitely be set at the end of *buf.

Does this make sense?
Does somebody have the setup to test this?

<>< Re: deemed

More information about the sword-devel mailing list