On Tue, 23 Apr 2002, Peter Finlayson wrote:
> [...] then reads 512 bytes from a file into 'tmp' [...]
Actually, it reads at most 511 bytes from a file into 'tmp', as
fgets() ensures the string is properly terminated. However, your concern
remains correct because:

    point = tmp + strlen(tmp) - 1;

If we let strlen(tmp) be 511, then

    point = tmp + 511 - 1; /* => tmp + 510 */

and so

    *(point++) = '\r';
    *(point++) = '\n';
    *point = '\0';

becomes:

    tmp[510] = '\r';
    tmp[511] = '\n';
    tmp[512] = '\0'; /* Oops! */

A trivial fix is to increase the size of buf by 1, which is probably the
solution I will (at least, initially) check in. It's not a serious bug,
so I don't think it merits any considerable re-engineering of the code
around it. Anyone have larger issues with this quick fix?
-dak
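
An added example, not part of the original post or of the code base under discussion: it replays the three stores from the message inside an oversized arena to show where the terminator lands, next to a bounds-checked variant. `TMP_SIZE`, `nul_index_original`, `terminate_crlf` and `try_line` are hypothetical names, and the sample lines are constructed.

```c
#include <stdio.h>
#include <string.h>
#define TMP_SIZE 512  /* size of 'tmp' as quoted in the thread */

/* The three stores from the thread, run inside an oversized arena so nothing
 * is really overrun. Returns the index that receives the '\0'.
 * Requires 1 <= len <= TMP_SIZE - 1 (the lengths discussed above). */
size_t nul_index_original(size_t len)
{
    char arena[TMP_SIZE + 8];
    char *tmp = arena, *point;
    memset(arena, 'x', len);
    arena[len] = '\0';
    point = tmp + strlen(tmp) - 1;
    *(point++) = '\r';
    *(point++) = '\n';
    *point = '\0';
    return (size_t)(point - tmp);
}

/* Hypothetical bounds-checked variant: turn a trailing '\n' into "\r\n".
 * Returns 0 on success, -1 if the result would not fit in size bytes. */
int terminate_crlf(char *buf, size_t size)
{
    char *end = memchr(buf, '\0', size);
    size_t len;
    if (end == NULL) return -1;          /* not terminated inside the buffer */
    len = (size_t)(end - buf);
    if (len > 0 && buf[len - 1] == '\n')
        len--;                           /* drop the newline fgets() kept */
    if (len + 3 > size) return -1;       /* room for '\r', '\n' and '\0' */
    memcpy(buf + len, "\r\n", 3);        /* copies '\r', '\n' and '\0' */
    return 0;
}

/* Constructed input: a len-byte line ending in '\n' in a size-byte buffer. */
int try_line(size_t len, size_t size)
{
    char buf[TMP_SIZE + 8];
    if (len == 0 || len >= size || size > sizeof buf) return -2;
    memset(buf, 'x', len - 1);
    buf[len - 1] = '\n'; buf[len] = '\0';
    return terminate_crlf(buf, size);
}

int main(void)
{
    printf("original: NUL at tmp[%zu]\n", nul_index_original(TMP_SIZE - 1));
    printf("checked: %d (512 bytes), %d (513 bytes)\n",
           try_line(TMP_SIZE - 1, TMP_SIZE), try_line(TMP_SIZE - 1, TMP_SIZE + 1));
    return 0;
}
```

The 513-byte case corresponds to the one-byte enlargement proposed in the message; it holds as long as the read limit passed to fgets() stays at 512 rather than following the new buffer size.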