luke
/
magic
mirror of https://github.com/RTimothyEdwards/magic.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fixed a potential string overrun crash condition when doing 

"getnode", as there is no limit on the length of a hierarchical
node name, and no check on the string length when copying back into
a fixed-length character array.
This commit is contained in:
R. Timothy Edwards 2026-05-25 14:39:12 -04:00
parent 5ecf10c022
commit 1a16502a69
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
sim/SimDBstuff.c
View File

@ -93,7 +93,7 @@ SimConnectFunc(
TileType loctype, ctype;
TileType newdinfo = 0;
int i, pNum;
static char nodeName[256];
static char nodeName[MAXPATHNAME];
CellDef *def;
TerminalPath *tpath = cx->tc_filter->tf_tpath;
@ -133,7 +133,8 @@ SimConnectFunc(
char c = *n;
SigDisableInterrupts();
strcpy(nodeName, SimGetNodeName(cx->tc_scx, tile, dinfo, tpath->tp_first));
strncpy(nodeName, SimGetNodeName(cx->tc_scx, tile, dinfo, tpath->tp_first),
MAXPATHNAME);
SigEnableInterrupts();
*n = c;