Re: gerbv crashes (was Re: gEDA-user: gerbv 1.0 on RH8)
Hello,
> Yesssssssssssss.... That was it. Changing "1" to "2" did the trick.
> Core dumps is gone...
> "gerbv" works as a charm on RH8.
> > > 842 filename = dirname(filename);
> > > 843 if (screen.path)
> > > 844 free(screen.path);
> > > 845 screen.path = (char *)malloc(strlen(filename) + 1);
> > > 846 strcpy(screen.path, filename);
> > > 847 screen.path = strncat(screen.path, "/", 1);
> >
> > This is it (in fact it is a classical one)!
> >
> > strlen(filename) gives the length of filename EXCLUDING the trailing
> > \0. A buffer of size strlen(filename)+1 does have just enough space to
> > include the trailing \0. When appending "/", you write past the end of
> > that buffer. You have to change the +1 to a +2.
> >
> > 73, Mario
> > - --
> > Mario Klebsch mario@xxxxxxxxxx
I have committed this bugfix to 1.0 and to the main gerbv branch. The changes
may need a few hours to show in the anonymous CVS on SourceForge.
There were also some other "off by 1" bugs which I have fixed as well (just
searched for all strlen() :-)
Best regards,
--
Tomasz Motylewski
BFAD GmbH
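
Added example, not part of the original message and not gerbv's own code: one way to build the "directory plus slash" string from the quoted snippet so the buffer size is derived in one place and the write is bounded. The names `path_buf_size` and `dir_with_slash` and the sample path are hypothetical.

```c
#include <libgen.h>   /* dirname() */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bytes needed for dir + "/" + NUL. The quoted code allocated
 * strlen() + 1, which leaves no room for the appended '/'. */
static size_t path_buf_size(const char *dir)
{
    return strlen(dir) + 2;
}

/* Hypothetical helper: returns a malloc'd "<dirname(filename)>/", or NULL.
 * dirname() may modify its argument, so it works on a private copy. */
char *dir_with_slash(const char *filename)
{
    size_t len = strlen(filename) + 1;
    char *copy = malloc(len);
    char *out = NULL;

    if (copy == NULL)
        return NULL;
    memcpy(copy, filename, len);

    const char *dir = dirname(copy);
    size_t need = path_buf_size(dir);

    out = malloc(need);
    if (out != NULL) {
        /* snprintf writes at most 'need' bytes and reports truncation */
        int n = snprintf(out, need, "%s/", dir);
        if (n < 0 || (size_t)n >= need) {
            free(out);
            out = NULL;
        }
    }
    free(copy);
    return out;
}

int main(void)
{
    char *p = dir_with_slash("/home/user/boards/top.gbr"); /* constructed path */
    if (p == NULL)
        return 1;
    printf("%s (%zu bytes including NUL)\n", p, strlen(p) + 1);
    free(p);
    return 0;
}
```

Building the original pattern with `-fsanitize=address` reports this kind of one-byte heap overflow at the `strncat` call, which is a quicker check than searching for every `strlen()` by hand.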