authorXinchen Hui <laruence@php.net>2011-08-09 12:16:58 +0000
committerXinchen Hui <laruence@php.net>2011-08-09 12:16:58 +0000
commit5dc319589770ef5471f8e86951118794a0368f93 (patch)
treee58c7487f7266eacd959d8d627ac16a1604cac0e
parent571427c7db8bb67433f84d0ef75724a5f736a9fa (diff)
Avoiding strcpy, strcat, sprintf usage to make static analyzer happy
-rw-r--r--ext/ereg/regex.patch58
-rw-r--r--ext/ereg/regex/regerror.c11
-rw-r--r--ext/ereg/regex/regerror.ih2
-rw-r--r--ext/standard/crypt.c4
-rw-r--r--ext/standard/http_fopen_wrapper.c4
-rw-r--r--ext/standard/proc_open.c4
-rw-r--r--ext/standard/user_filters.c2
-rw-r--r--ext/xml/xml.c4
-rw-r--r--main/fopen_wrappers.c5
-rw-r--r--main/streams/filter.c2
10 files changed, 74 insertions, 22 deletions
diff --git a/ext/ereg/regex.patch b/ext/ereg/regex.patch
index d10a9b9a46..c1e1d7d483 100644
--- a/ext/ereg/regex.patch
+++ b/ext/ereg/regex.patch
@@ -1,12 +1,62 @@
+Only in regex: regcomp.lo
+Only in regex: regcomp.o
diff -u regex.orig/regerror.c regex/regerror.c
---- regex.orig/regerror.c 2011-08-09 17:31:11.000000000 +0800
-+++ regex/regerror.c 2011-08-09 17:29:53.000000000 +0800
-@@ -82,7 +82,7 @@
+--- regex.orig/regerror.c 2011-08-09 19:49:30.000000000 +0800
++++ regex/regerror.c 2011-08-09 19:46:15.000000000 +0800
+@@ -74,7 +74,7 @@
+ char convbuf[50];
+
+ if (errcode == REG_ATOI)
+- s = regatoi(preg, convbuf);
++ s = regatoi(preg, convbuf, sizeof(convbuf));
+ else {
+ for (r = rerrs; r->code >= 0; r++)
+ if (r->code == target)
+@@ -82,9 +82,9 @@
if (errcode&REG_ITOA) {
if (r->code >= 0)
- (void) strcpy(convbuf, r->name);
+ (void) strncpy(convbuf, r->name, 50);
else
- sprintf(convbuf, "REG_0x%x", target);
+- sprintf(convbuf, "REG_0x%x", target);
++ snprintf(convbuf, sizeof(convbuf), "REG_0x%x", target);
assert(strlen(convbuf) < sizeof(convbuf));
+ s = convbuf;
+ } else
+@@ -106,12 +106,13 @@
+
+ /*
+ - regatoi - internal routine to implement REG_ATOI
+- == static char *regatoi(const regex_t *preg, char *localbuf);
++ == static char *regatoi(const regex_t *preg, char *localbuf, int bufsize);
+ */
+ static char *
+-regatoi(preg, localbuf)
++regatoi(preg, localbuf, bufsize)
+ const regex_t *preg;
+ char *localbuf;
++int bufsize;
+ {
+ register const struct rerr *r;
+
+@@ -121,6 +122,6 @@
+ if (r->code < 0)
+ return("0");
+
+- sprintf(localbuf, "%d", r->code);
++ snprintf(localbuf, bufsize, "%d", r->code);
+ return(localbuf);
+ }
+diff -u regex.orig/regerror.ih regex/regerror.ih
+--- regex.orig/regerror.ih 2011-08-09 19:49:00.000000000 +0800
++++ regex/regerror.ih 2011-08-09 19:41:07.000000000 +0800
+@@ -4,7 +4,7 @@
+ #endif
+
+ /* === regerror.c === */
+-static char *regatoi(const regex_t *preg, char *localbuf);
++static char *regatoi(const regex_t *preg, char *localbuf, int bufsize);
+
+ #ifdef __cplusplus
+ }
diff --git a/ext/ereg/regex/regerror.c b/ext/ereg/regex/regerror.c
index f8c3ca3538..05737a462c 100644
--- a/ext/ereg/regex/regerror.c
+++ b/ext/ereg/regex/regerror.c
@@ -74,7 +74,7 @@ size_t errbuf_size)
char convbuf[50];
if (errcode == REG_ATOI)
- s = regatoi(preg, convbuf);
+ s = regatoi(preg, convbuf, sizeof(convbuf));
else {
for (r = rerrs; r->code >= 0; r++)
if (r->code == target)
@@ -84,7 +84,7 @@ size_t errbuf_size)
if (r->code >= 0)
(void) strncpy(convbuf, r->name, 50);
else
- sprintf(convbuf, "REG_0x%x", target);
+ snprintf(convbuf, sizeof(convbuf), "REG_0x%x", target);
assert(strlen(convbuf) < sizeof(convbuf));
s = convbuf;
} else
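Review bot: The `strncpy(convbuf, r->name, 50)` left beside the new `snprintf` does not terminate `convbuf` when `r->name` is 50 characters or longer, and the `assert(strlen(convbuf) < sizeof(convbuf))` on the following line would then read past the array. It also hard-codes 50 while the line this hunk adds uses `sizeof(convbuf)`. Formatting both branches the same way, `snprintf(convbuf, sizeof(convbuf), "%s", r->name);`, keeps the bound tied to the array and always terminates. The enclosing function starts and ends outside the hunk.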
@@ -106,12 +106,13 @@ size_t errbuf_size)
/*
- regatoi - internal routine to implement REG_ATOI
- == static char *regatoi(const regex_t *preg, char *localbuf);
+ == static char *regatoi(const regex_t *preg, char *localbuf, int bufsize);
*/
static char *
-regatoi(preg, localbuf)
+regatoi(preg, localbuf, bufsize)
const regex_t *preg;
char *localbuf;
+int bufsize;
{
register const struct rerr *r;
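Review bot: `bufsize` is declared `int`, but the caller shown in the first hunk passes `sizeof(convbuf)` and the last hunk of this file hands the value to `snprintf`, both of which work in `size_t`; a negative value would convert to a very large bound. Declaring it `size_t bufsize;` here, and in the `regatoi` prototype in regerror.ih, removes the two implicit conversions. The `==` prototype comment above the definition would change to match. regatoi's body continues outside this hunk.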
@@ -121,6 +122,6 @@ char *localbuf;
if (r->code < 0)
return("0");
- sprintf(localbuf, "%d", r->code);
+ snprintf(localbuf, bufsize, "%d", r->code);
return(localbuf);
}
diff --git a/ext/ereg/regex/regerror.ih b/ext/ereg/regex/regerror.ih
index 2cb668c24f..5ff158e57d 100644
--- a/ext/ereg/regex/regerror.ih
+++ b/ext/ereg/regex/regerror.ih
@@ -4,7 +4,7 @@ extern "C" {
#endif
/* === regerror.c === */
-static char *regatoi(const regex_t *preg, char *localbuf);
+static char *regatoi(const regex_t *preg, char *localbuf, int bufsize);
#ifdef __cplusplus
}
diff --git a/ext/standard/crypt.c b/ext/standard/crypt.c
index 865a25beb1..3bac50f9e4 100644
--- a/ext/standard/crypt.c
+++ b/ext/standard/crypt.c
@@ -170,10 +170,10 @@ PHP_FUNCTION(crypt)
/* The automatic salt generation covers standard DES, md5-crypt and Blowfish (simple) */
if (!*salt) {
#if PHP_MD5_CRYPT
- strcpy(salt, "$1$");
+ strncpy(salt, "$1$", PHP_MAX_SALT_LEN);
php_to64(&salt[3], PHP_CRYPT_RAND, 4);
php_to64(&salt[7], PHP_CRYPT_RAND, 4);
- strcpy(&salt[11], "$");
+ strncpy(&salt[11], "$", PHP_MAX_SALT_LEN - 11);
#elif PHP_STD_DES_CRYPT
php_to64(&salt[0], PHP_CRYPT_RAND, 2);
salt[2] = '\0';
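Review bot: Both `strncpy` bounds use `PHP_MAX_SALT_LEN` rather than the size of `salt`, whose declaration is outside this hunk, so the bound is only correct if the buffer is at least that large; that is worth confirming, or writing as `sizeof(salt)` if `salt` is an array in scope. With a short literal as the source, each strncpy also zero-fills the rest of the bounded region, which the `php_to64` calls at `&salt[3]` and `&salt[7]` then presumably write over. Since the lengths are fixed, `memcpy(salt, "$1$", 3);` and `salt[11] = '$'; salt[12] = '\0';` state the intent with no bound to get wrong.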
diff --git a/ext/standard/http_fopen_wrapper.c b/ext/standard/http_fopen_wrapper.c
index 7a918d9c83..4567efc1f2 100644
--- a/ext/standard/http_fopen_wrapper.c
+++ b/ext/standard/http_fopen_wrapper.c
@@ -330,7 +330,7 @@ finish:
scratch_len = strlen(path) + 29 + Z_STRLEN_PP(tmpzval);
scratch = emalloc(scratch_len);
strlcpy(scratch, Z_STRVAL_PP(tmpzval), Z_STRLEN_PP(tmpzval) + 1);
- strcat(scratch, " ");
+ strncat(scratch, " ", 1);
}
}
}
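Review bot: `strncat(scratch, " ", 1)` limits the number of bytes taken from the source, not the room left in `scratch`, so it is exactly as unchecked as the `strcat` it replaces. The strncat calls added in ext/standard/proc_open.c, ext/standard/user_filters.c and main/streams/filter.c have the same shape, with the third argument equal to the source length. Here the destination size is at hand, so `strlcat(scratch, " ", scratch_len);` would give a real bound and matches the `strlcpy` on the line above; in the other files the buffer size would have to be carried to the call. The enclosing block starts outside the hunk.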
@@ -344,7 +344,7 @@ finish:
if (!scratch) {
scratch_len = strlen(path) + 29 + protocol_version_len;
scratch = emalloc(scratch_len);
- strcpy(scratch, "GET ");
+ strncpy(scratch, "GET ", scratch_len);
}
/* Should we send the entire path in the request line, default to no. */
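Review bot: `strncpy(scratch, "GET ", scratch_len)` zero-fills all of `scratch` after the four copied bytes, that is `strlen(path) + 29 + protocol_version_len` bytes each time this branch runs. `strlcpy(scratch, "GET ", scratch_len);` gives the same bound and termination without the fill, and is the call already used on `scratch` in the previous hunk.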
diff --git a/ext/standard/proc_open.c b/ext/standard/proc_open.c
index 9544cc03da..6b7f6ba548 100644
--- a/ext/standard/proc_open.c
+++ b/ext/standard/proc_open.c
@@ -155,8 +155,8 @@ static php_process_env_t _php_array_to_envp(zval *environment, int is_persistent
l = string_length + el_len + 1;
memcpy(p, string_key, string_length);
- strcat(p, "=");
- strcat(p, data);
+ strncat(p, "=", 1);
+ strncat(p, data, el_len);
#ifndef PHP_WIN32
*ep = p;
diff --git a/ext/standard/user_filters.c b/ext/standard/user_filters.c
index 752c52af83..9afc4f1568 100644
--- a/ext/standard/user_filters.c
+++ b/ext/standard/user_filters.c
@@ -311,7 +311,7 @@ static php_stream_filter *user_filter_factory_create(const char *filtername,
period = wildcard + (period - filtername);
while (period) {
*period = '\0';
- strcat(wildcard, ".*");
+ strncat(wildcard, ".*", 2);
if (SUCCESS == zend_hash_find(BG(user_filter_map), wildcard, strlen(wildcard) + 1, (void**)&fdat)) {
period = NULL;
} else {
diff --git a/ext/xml/xml.c b/ext/xml/xml.c
index 6788c86bc3..78237c0bb3 100644
--- a/ext/xml/xml.c
+++ b/ext/xml/xml.c
@@ -950,7 +950,7 @@ void _xml_characterDataHandler(void *userData, const XML_Char *s, int len)
if (zend_hash_find(Z_ARRVAL_PP(parser->ctag),"value",sizeof("value"),(void **) &myval) == SUCCESS) {
int newlen = Z_STRLEN_PP(myval) + decoded_len;
Z_STRVAL_PP(myval) = erealloc(Z_STRVAL_PP(myval),newlen+1);
- strcpy(Z_STRVAL_PP(myval) + Z_STRLEN_PP(myval),decoded_value);
+ strncpy(Z_STRVAL_PP(myval) + Z_STRLEN_PP(myval), decoded_value, decoded_len + 1);
Z_STRLEN_PP(myval) += decoded_len;
efree(decoded_value);
} else {
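Review bot: The bound `decoded_len + 1` is the length of the source, not of the destination, so this `strncpy` checks nothing that `strcpy` did not; safety still rests on the `erealloc(..., newlen+1)` on the line before. The second hunk of this file and the `strncpy(filename + length, path_info, path_len + 1)` in main/fopen_wrappers.c have the same shape. Since the length is already known, `memcpy(Z_STRVAL_PP(myval) + Z_STRLEN_PP(myval), decoded_value, decoded_len + 1);` says the same thing directly, assuming `decoded_value` is terminated at `decoded_len`, which is not visible here. Separately, `newlen` is an `int` sum of two lengths with no overflow check before it sizes the allocation.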
@@ -970,7 +970,7 @@ void _xml_characterDataHandler(void *userData, const XML_Char *s, int len)
if (zend_hash_find(Z_ARRVAL_PP(curtag),"value",sizeof("value"),(void **) &myval) == SUCCESS) {
int newlen = Z_STRLEN_PP(myval) + decoded_len;
Z_STRVAL_PP(myval) = erealloc(Z_STRVAL_PP(myval),newlen+1);
- strcpy(Z_STRVAL_PP(myval) + Z_STRLEN_PP(myval),decoded_value);
+ strncpy(Z_STRVAL_PP(myval) + Z_STRLEN_PP(myval), decoded_value, decoded_len + 1);
Z_STRLEN_PP(myval) += decoded_len;
efree(decoded_value);
return;
diff --git a/main/fopen_wrappers.c b/main/fopen_wrappers.c
index f00127bc06..f4d122bbbb 100644
--- a/main/fopen_wrappers.c
+++ b/main/fopen_wrappers.c
@@ -410,7 +410,8 @@ PHPAPI int php_fopen_primary_script(zend_file_handle *file_handle TSRMLS_DC)
#endif
if (PG(doc_root) && path_info && (length = strlen(PG(doc_root))) &&
IS_ABSOLUTE_PATH(PG(doc_root), length)) {
- filename = emalloc(length + strlen(path_info) + 2);
+ int path_len = strlen(path_info);
+ filename = emalloc(length + path_len + 2);
if (filename) {
memcpy(filename, PG(doc_root), length);
if (!IS_SLASH(filename[length - 1])) { /* length is never 0 */
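Review bot: `int path_len = strlen(path_info);` narrows a `size_t` to `int`, and that value then sizes the allocation here and the copy in the next hunk. Declaring it `size_t path_len = strlen(path_info);` keeps both computations in the type `strlen` returns. The `if (filename)` block continues outside the hunk.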
@@ -419,7 +420,7 @@ PHPAPI int php_fopen_primary_script(zend_file_handle *file_handle TSRMLS_DC)
if (IS_SLASH(path_info[0])) {
length--;
}
- strcpy(filename + length, path_info);
+ strncpy(filename + length, path_info, path_len + 1);
}
} else {
filename = SG(request_info).path_translated;
diff --git a/main/streams/filter.c b/main/streams/filter.c
index 623c66f96d..99293259e7 100644
--- a/main/streams/filter.c
+++ b/main/streams/filter.c
@@ -270,7 +270,7 @@ PHPAPI php_stream_filter *php_stream_filter_create(const char *filtername, zval
period = wildname + (period - filtername);
while (period && !filter) {
*period = '\0';
- strcat(wildname, ".*");
+ strncat(wildname, ".*", 2);
if (SUCCESS == zend_hash_find(filter_hash, wildname, strlen(wildname) + 1, (void**)&factory)) {
filter = factory->create_filter(filtername, filterparams, persistent TSRMLS_CC);
}