Bug#697350: Patchpatched <erfolgreich auf Virenfreiheit geprueft>

To: 697350@bugs.debian.org
Cc: Thomas Renard <cybaer42@web.de>
Subject: Bug#697350: Patchpatched <erfolgreich auf Virenfreiheit geprueft>
From: Paul Gevers <elbrus@debian.org>
Date: Wed, 09 Jan 2013 22:11:00 +0100
Message-id: <[🔎] 50EDDCE4.3080202@debian.org>
Reply-to: 697350@bugs.debian.org, 697350@bugs.debian.org
In-reply-to: <[🔎] 50EDC4CE.6030005@debian.org>
References: <[🔎] 50ED4A0B.7080602@web.de> <[🔎] 50EDC4CE.6030005@debian.org>

On 09-01-13 20:28, Paul Gevers wrote:
> On 09-01-13 11:44, Thomas Renard wrote:
>> char *strncpy(char *dest, const char *src, size_t n);
>>
>> dest and src size were swapped. This patch works for me but needs review
>> (one of the topics I hate c - I am afraid of a memory glitch)
> 
> Sorry for my previous mail, I understand your remark now. I think you
> are right. I will test your latest test (after clean-up ;) ).

I must have been sleeping. The idea of putting the length of dc_language
in the third argument of strncpy is to prevent buffer overflow, so it
definitely needs to be related to the destination, as in the original
patch of Samuel.

I used the original patch by Samuel and replaced the dc_languages by
dc_language and it works for me. Can you please verify that the attached
patch works for you?

Paul

Description: Some voice synthesizers use language descriptors which are
 longer than the currently allowed 5 characters. This patch fixes that as
 users have to get used to synthetic voices, so they want to use their own
 default. Furthermore, the language they need might not be among the espeak
 voices, and the alternative have a voice whose name is bigger than 5.
Author: Thomas Renard <cybaer42@web.de>
Author: Samuel Thibault <sthibault@debian.org>
Bug-Debian: http://bugs.debian.org/697350
Forwarded: yes

--- a/eBook-speaker.c
+++ b/eBook-speaker.c
@@ -1325,9 +1325,9 @@
          p += 9;
          while (*p == ' ' || *p == '\t' || *p == '\n')
             p++;
-         strncpy (dc_language, p, 5);
+         strncpy (dc_language, p, sizeof(dc_language));
          p = dc_language;
-         while (*p != ' ' && *p != '\t' && *p != 0)
+         while (*p != ' ' && *p != '\t' && *p != 0 && p < dc_language+sizeof(dc_language)-1)
             p++;
          *p = 0;
       } // if
@@ -1954,7 +1954,8 @@
       fflush (stdout);
       exit (1);
    } // if
-   strncpy (dc_language, label, 5);
+   strncpy (dc_language, label, sizeof(dc_language)-1);
+   dc_language[sizeof(dc_language)-1] = 0;
    zip_fclose (opf);
 } // set_language
 
@@ -1989,7 +1990,8 @@
       switch (opt)
       {
       case 'l':
-         strncpy (dc_language, optarg, 5);
+         strncpy (dc_language, optarg, sizeof(dc_language)-1);
+         dc_language[sizeof(dc_language)-1] = 0;
          break;
       default:
          usage (prog_name);

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to:

References:
- Bug#697350: Patchpatched <erfolgreich auf Virenfreiheit geprueft>
  - From: Thomas Renard <cybaer42@web.de>
- Bug#697350: Patchpatched <erfolgreich auf Virenfreiheit geprueft>
  - From: Paul Gevers <elbrus@debian.org>

Prev by Date: Bug#697350: Patchpatched <erfolgreich auf Virenfreiheit geprueft>
Next by Date: Bug#697350: marked as done (ebook-speaker: Does not work with mbrola voice files)
Previous by thread: Bug#697350: Patchpatched <erfolgreich auf Virenfreiheit geprueft>
Next by thread: Processing of ebook-speaker_2.0-3_amd64.changes
Index(es):
- Date
- Thread