fixes issue where a string position an underflow (#676)

Under some circumstances, like certain input lines that have long comments, the code here can cause an underflow in size_t which casts to a very large integer during comparison and results in the number of tokens being over-reported (max of 40). Most of these tokens are of course garbage. Changing this `len` variable to an integer permits it to be less than zero, thus allowing an exit from the `while` at L665.
Sam Hatchett
2022-06-14 09:36:56 -04:00
committed by GitHub
parent 4d66af19a5
commit c500cddd6d


@@ -630,7 +630,7 @@ int gettokens(char *s, char** Tok, int maxToks, char *comment)
*/ */
{ {
int n; int n;
size_t len, m; int len, m;
char *c, *c2; char *c, *c2;
// clear comment // clear comment
@@ -648,10 +648,10 @@ int gettokens(char *s, char** Tok, int maxToks, char *comment)
if (c2) if (c2)
{ {
// there is a comment here, after the semi-colon. // there is a comment here, after the semi-colon.
len = strlen(c2); len = (int)strlen(c2);
if (len > 0) if (len > 0)
{ {
len = strcspn(c2, "\n\r"); len = (int)strcspn(c2, "\n\r");
len = MIN(len, MAXMSG); len = MIN(len, MAXMSG);
strncpy(comment, c2, len); strncpy(comment, c2, len);
comment[MIN(len,MAXMSG)] = '\0'; comment[MIN(len,MAXMSG)] = '\0';
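Review bot: The terminator write `comment[MIN(len,MAXMSG)] = '\0';` at the end of this hunk can index `comment[MAXMSG]` when the comment text is MAXMSG characters or longer, so it is only in bounds if every caller passes a buffer of at least MAXMSG + 1 bytes. The buffer size is not visible here; please confirm it, or clamp with `MIN(len, MAXMSG - 1)` before the copy. The second `MIN` is redundant, since `len` was already clamped on the line above. With `len` now an `int`, the `strncpy(comment, c2, len)` call converts it back to `size_t` implicitly; the value is non-negative on this path for realistic line lengths, but an explicit `(size_t)len` would make that conversion intentional. The `strlen(c2)` result is used only for the `len > 0` test and is then overwritten by `strcspn`, so a check of `*c2 != '\0'` would avoid the first cast altogether.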