Avoiding strcpy, strcat, sprintf usage to make static analyzer happy

author Xinchen Hui <laruence@php.net>

Tue, 9 Aug 2011 12:16:58 +0000 (12:16 +0000)

committer Xinchen Hui <laruence@php.net>

Tue, 9 Aug 2011 12:16:58 +0000 (12:16 +0000)
author Xinchen Hui <laruence@php.net>
Tue, 9 Aug 2011 12:16:58 +0000 (12:16 +0000)
committer Xinchen Hui <laruence@php.net>
Tue, 9 Aug 2011 12:16:58 +0000 (12:16 +0000)
diff --git a/ext/ereg/regex.patch b/ext/ereg/regex.patch

index d10a9b9a463618042f4ff2cfb0cd06e9475ef15a..c1e1d7d483c8c904cac566c995be75c071ccffe4 100644 (file)
--- a/ext/ereg/regex.patch
+++ b/ext/ereg/regex.patch
@@ -1,12 +1,62 @@
+Only in regex: regcomp.lo
+Only in regex: regcomp.o
  diff -u regex.orig/regerror.c regex/regerror.c
---- regex.orig/regerror.c      2011-08-09 17:31:11.000000000 +0800
-+++ regex/regerror.c   2011-08-09 17:29:53.000000000 +0800
-@@ -82,7 +82,7 @@
+--- regex.orig/regerror.c      2011-08-09 19:49:30.000000000 +0800
++++ regex/regerror.c   2011-08-09 19:46:15.000000000 +0800
+@@ -74,7 +74,7 @@
+       char convbuf[50];
+ 
+       if (errcode == REG_ATOI)
+-              s = regatoi(preg, convbuf);
++              s = regatoi(preg, convbuf, sizeof(convbuf));
+       else {
+               for (r = rerrs; r->code >= 0; r++)
+                       if (r->code == target)
+@@ -82,9 +82,9 @@
         
                 if (errcode&REG_ITOA) {
                         if (r->code >= 0)
  -                              (void) strcpy(convbuf, r->name);
  +                              (void) strncpy(convbuf, r->name, 50);
                         else
-                               sprintf(convbuf, "REG_0x%x", target);
+-                              sprintf(convbuf, "REG_0x%x", target);
++                              snprintf(convbuf, sizeof(convbuf), "REG_0x%x", target);
                         assert(strlen(convbuf) < sizeof(convbuf));
+                       s = convbuf;
+               } else
+@@ -106,12 +106,13 @@
+ 
+ /*
+  - regatoi - internal routine to implement REG_ATOI
+- == static char *regatoi(const regex_t *preg, char *localbuf);
++ == static char *regatoi(const regex_t *preg, char *localbuf, int bufsize);
+  */
+ static char *
+-regatoi(preg, localbuf)
++regatoi(preg, localbuf, bufsize)
+ const regex_t *preg;
+ char *localbuf;
++int bufsize;
+ {
+       register const struct rerr *r;
+ 
+@@ -121,6 +122,6 @@
+       if (r->code < 0)
+               return("0");
+ 
+-      sprintf(localbuf, "%d", r->code);
++      snprintf(localbuf, bufsize, "%d", r->code);
+       return(localbuf);
+ }
+diff -u regex.orig/regerror.ih regex/regerror.ih
+--- regex.orig/regerror.ih     2011-08-09 19:49:00.000000000 +0800
++++ regex/regerror.ih  2011-08-09 19:41:07.000000000 +0800
+@@ -4,7 +4,7 @@
+ #endif
+ 
+ /* === regerror.c === */
+-static char *regatoi(const regex_t *preg, char *localbuf);
++static char *regatoi(const regex_t *preg, char *localbuf, int bufsize);
+ 
+ #ifdef __cplusplus
+ }
diff --git a/ext/ereg/regex/regerror.c b/ext/ereg/regex/regerror.c

index f8c3ca3538f1374cf85832c6f9c7b14aae8eb009..05737a462ce3d8436a11a578958faf24e22833ca 100644 (file)
--- a/ext/ereg/regex/regerror.c
+++ b/ext/ereg/regex/regerror.c
@@ -74,7 +74,7 @@ size_t errbuf_size)
         char convbuf[50];
  
         if (errcode == REG_ATOI)
-               s = regatoi(preg, convbuf);
+               s = regatoi(preg, convbuf, sizeof(convbuf));
         else {
                 for (r = rerrs; r->code >= 0; r++)
                         if (r->code == target)
@@ -84,7 +84,7 @@ size_t errbuf_size)
                         if (r->code >= 0)
                                 (void) strncpy(convbuf, r->name, 50);
                         else
-                               sprintf(convbuf, "REG_0x%x", target);
+                               snprintf(convbuf, sizeof(convbuf), "REG_0x%x", target);
                         assert(strlen(convbuf) < sizeof(convbuf));
                         s = convbuf;
                 } else
@@ -106,12 +106,13 @@ size_t errbuf_size)
  
  /*
   - regatoi - internal routine to implement REG_ATOI
- == static char *regatoi(const regex_t *preg, char *localbuf);
+ == static char *regatoi(const regex_t *preg, char *localbuf, int bufsize);
   */
  static char *
-regatoi(preg, localbuf)
+regatoi(preg, localbuf, bufsize)
  const regex_t *preg;
  char *localbuf;
+int bufsize;
  {
         register const struct rerr *r;
  
@@ -121,6 +122,6 @@ char *localbuf;
         if (r->code < 0)
                 return("0");
  
-       sprintf(localbuf, "%d", r->code);
+       snprintf(localbuf, bufsize, "%d", r->code);
         return(localbuf);
  }
diff --git a/ext/ereg/regex/regerror.ih b/ext/ereg/regex/regerror.ih

index 2cb668c24f07e246c43e054f722b7b3da6c94ce7..5ff158e57db480a6e58fed5f270920b5c5aab761 100644 (file)
--- a/ext/ereg/regex/regerror.ih
+++ b/ext/ereg/regex/regerror.ih
@@ -4,7 +4,7 @@ extern "C" {
  #endif
  
  /* === regerror.c === */
-static char *regatoi(const regex_t *preg, char *localbuf);
+static char *regatoi(const regex_t *preg, char *localbuf, int bufsize);
  
  #ifdef __cplusplus
  }
diff --git a/ext/standard/crypt.c b/ext/standard/crypt.c

index 865a25beb1951969cd7c8f929004d59fb445087f..3bac50f9e47122b63a08b66d342124921ede8d8a 100644 (file)
--- a/ext/standard/crypt.c
+++ b/ext/standard/crypt.c
@@ -170,10 +170,10 @@ PHP_FUNCTION(crypt)
         /* The automatic salt generation covers standard DES, md5-crypt and Blowfish (simple) */
         if (!*salt) {
  #if PHP_MD5_CRYPT
-               strcpy(salt, "$1$");
+               strncpy(salt, "$1$", PHP_MAX_SALT_LEN);
                 php_to64(&salt[3], PHP_CRYPT_RAND, 4);
                 php_to64(&salt[7], PHP_CRYPT_RAND, 4);
-               strcpy(&salt[11], "$");
+               strncpy(&salt[11], "$", PHP_MAX_SALT_LEN - 11);
  #elif PHP_STD_DES_CRYPT
                 php_to64(&salt[0], PHP_CRYPT_RAND, 2);
                 salt[2] = '\0';
diff --git a/ext/standard/http_fopen_wrapper.c b/ext/standard/http_fopen_wrapper.c

index 7a918d9c8368d3ce1e2f89159a032a0bb0f3c85f..4567efc1f2169f4191b05c2b51ad4bb49d00b6dc 100644 (file)
--- a/ext/standard/http_fopen_wrapper.c
+++ b/ext/standard/http_fopen_wrapper.c
@@ -330,7 +330,7 @@ finish:
                                 scratch_len = strlen(path) + 29 + Z_STRLEN_PP(tmpzval);
                                 scratch = emalloc(scratch_len);
                                 strlcpy(scratch, Z_STRVAL_PP(tmpzval), Z_STRLEN_PP(tmpzval) + 1);
-                               strcat(scratch, " ");
+                               strncat(scratch, " ", 1);
                         }
                 }
         }
@@ -344,7 +344,7 @@ finish:
         if (!scratch) {
                 scratch_len = strlen(path) + 29 + protocol_version_len;
                 scratch = emalloc(scratch_len);
-               strcpy(scratch, "GET ");
+               strncpy(scratch, "GET ", scratch_len);
         }
  
         /* Should we send the entire path in the request line, default to no. */
diff --git a/ext/standard/proc_open.c b/ext/standard/proc_open.c

index 9544cc03da64fc02ce5c5f4bd144475d90816d82..6b7f6ba548b2258fc938963568cc93f59d15e4b2 100644 (file)
--- a/ext/standard/proc_open.c
+++ b/ext/standard/proc_open.c
@@ -155,8 +155,8 @@ static php_process_env_t _php_array_to_envp(zval *environment, int is_persistent
  
                                 l = string_length + el_len + 1;
                                 memcpy(p, string_key, string_length);
-                               strcat(p, "=");
-                               strcat(p, data);
+                               strncat(p, "=", 1);
+                               strncat(p, data, el_len);
  
  #ifndef PHP_WIN32
                                 *ep = p;
diff --git a/ext/standard/user_filters.c b/ext/standard/user_filters.c

index 752c52af8347cd0d8ff50adb6d1c796e0d38c018..9afc4f1568a8785708944ce2fc3c162f4d80310b 100644 (file)
--- a/ext/standard/user_filters.c
+++ b/ext/standard/user_filters.c
@@ -311,7 +311,7 @@ static php_stream_filter *user_filter_factory_create(const char *filtername,
                         period = wildcard + (period - filtername);
                         while (period) {
                                 *period = '\0';
-                               strcat(wildcard, ".*");
+                               strncat(wildcard, ".*", 2);
                                 if (SUCCESS == zend_hash_find(BG(user_filter_map), wildcard, strlen(wildcard) + 1, (void**)&fdat)) {
                                         period = NULL;
                                 } else {
diff --git a/ext/xml/xml.c b/ext/xml/xml.c

index 6788c86bc34d8295f97966e55560fdf25697ebbe..78237c0bb3dd693598fcdd984143f2dbff54f834 100644 (file)
--- a/ext/xml/xml.c
+++ b/ext/xml/xml.c
@@ -950,7 +950,7 @@ void _xml_characterDataHandler(void *userData, const XML_Char *s, int len)
                                         if (zend_hash_find(Z_ARRVAL_PP(parser->ctag),"value",sizeof("value"),(void **) &myval) == SUCCESS) {
                                                 int newlen = Z_STRLEN_PP(myval) + decoded_len;
                                                 Z_STRVAL_PP(myval) = erealloc(Z_STRVAL_PP(myval),newlen+1);
-                                               strcpy(Z_STRVAL_PP(myval) + Z_STRLEN_PP(myval),decoded_value);
+                                               strncpy(Z_STRVAL_PP(myval) + Z_STRLEN_PP(myval), decoded_value, decoded_len + 1);
                                                 Z_STRLEN_PP(myval) += decoded_len;
                                                 efree(decoded_value);
                                         } else {
@@ -970,7 +970,7 @@ void _xml_characterDataHandler(void *userData, const XML_Char *s, int len)
                                                                 if (zend_hash_find(Z_ARRVAL_PP(curtag),"value",sizeof("value"),(void **) &myval) == SUCCESS) {
                                                                         int newlen = Z_STRLEN_PP(myval) + decoded_len;
                                                                         Z_STRVAL_PP(myval) = erealloc(Z_STRVAL_PP(myval),newlen+1);
-                                                                       strcpy(Z_STRVAL_PP(myval) + Z_STRLEN_PP(myval),decoded_value);
+                                                                       strncpy(Z_STRVAL_PP(myval) + Z_STRLEN_PP(myval), decoded_value, decoded_len + 1);
                                                                         Z_STRLEN_PP(myval) += decoded_len;
                                                                         efree(decoded_value);
                                                                         return;
diff --git a/main/fopen_wrappers.c b/main/fopen_wrappers.c

index f00127bc06570089bf2dd46b6233f71174d2dcd8..f4d122bbbb420f6a369e214af167911e169381aa 100644 (file)
--- a/main/fopen_wrappers.c
+++ b/main/fopen_wrappers.c
@@ -410,7 +410,8 @@ PHPAPI int php_fopen_primary_script(zend_file_handle *file_handle TSRMLS_DC)
  #endif
         if (PG(doc_root) && path_info && (length = strlen(PG(doc_root))) &&
                 IS_ABSOLUTE_PATH(PG(doc_root), length)) {
-               filename = emalloc(length + strlen(path_info) + 2);
+               int path_len = strlen(path_info);
+               filename = emalloc(length + path_len + 2);
                 if (filename) {
                         memcpy(filename, PG(doc_root), length);
                         if (!IS_SLASH(filename[length - 1])) {  /* length is never 0 */
@@ -419,7 +420,7 @@ PHPAPI int php_fopen_primary_script(zend_file_handle *file_handle TSRMLS_DC)
                         if (IS_SLASH(path_info[0])) {
                                 length--;
                         }
-                       strcpy(filename + length, path_info);
+                       strncpy(filename + length, path_info, path_len + 1);
                 }
         } else {
                 filename = SG(request_info).path_translated;
diff --git a/main/streams/filter.c b/main/streams/filter.c

index 623c66f96da30b213ada8297ddf3f3da168c6bfa..99293259e73fd4473530e7f59ff16dc6889eb804 100644 (file)
--- a/main/streams/filter.c
+++ b/main/streams/filter.c
@@ -270,7 +270,7 @@ PHPAPI php_stream_filter *php_stream_filter_create(const char *filtername, zval
                 period = wildname + (period - filtername);
                 while (period && !filter) {
                         *period = '\0';
-                       strcat(wildname, ".*");
+                       strncat(wildname, ".*", 2);
                         if (SUCCESS == zend_hash_find(filter_hash, wildname, strlen(wildname) + 1, (void**)&factory)) {
                                 filter = factory->create_filter(filtername, filterparams, persistent TSRMLS_CC);
                         }
author	Xinchen Hui <laruence@php.net>
	Tue, 9 Aug 2011 12:16:58 +0000 (12:16 +0000)
committer	Xinchen Hui <laruence@php.net>
	Tue, 9 Aug 2011 12:16:58 +0000 (12:16 +0000)
ext/ereg/regex.patch		patch \| blob \| history
ext/ereg/regex/regerror.c		patch \| blob \| history
ext/ereg/regex/regerror.ih		patch \| blob \| history
ext/standard/crypt.c		patch \| blob \| history
ext/standard/http_fopen_wrapper.c		patch \| blob \| history
ext/standard/proc_open.c		patch \| blob \| history
ext/standard/user_filters.c		patch \| blob \| history
ext/xml/xml.c		patch \| blob \| history
main/fopen_wrappers.c		patch \| blob \| history
main/streams/filter.c		patch \| blob \| history