[sword-devel] crashes with ciphering code
nospam+sword-devel at joachim-ansorg.de
Mon Nov 27 14:21:49 MST 2006
> zStr::getCompressedText calls
> strcpy(*buf, cacheBlock->getEntry(entry));
My fix for this would be (without digging deep into the sources) in line 438
strncpy(*buf, cacheBlock->getEntry(entry), size);
strcpy expects a \0-terminated string. If the deciphering with the wrong key
creates a char* without a proper \0 this would result in an address out of
bounds. So the fix is to make sure we just copy the number of bytes which are
available in the cacheBlock.
I did not yet think whether a \0 has to explicitely be set at the end of *buf.
Does this make sense?
Does somebody have the setup to test this?
<>< Re: deemed
More information about the sword-devel