epics/epics-base
0
0
Fork 0
Code Issues Pull Requests Projects Wiki Activity

Fix off by one error in constant link fetch

Browse Source 
For long string buffers, we currently write a null terminator one byte
past the end of the buffer. This can be seen with a record of the type

```
record(aai, foo) {
  field(NELM, 1)
  field(FTVL, CHAR)
  field(INP, {const: "foo"})
}
```
where the buffer is only of size 1, but then we write at index 1 (aka
past the end of the buffer).

Co-authored-by: Lucas A. M. Magalhães <lucmaga@gmail.com>
This commit is contained in:
Simon Rose
2024-03-13 14:45:39 +01:00
committed by mdavidsaver
parent ede745cc34
commit 1b46077096
1 changed files with 5 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
modules/database/src/std/link/lnkConst.c
View File

@ -495,9 +495,11 @@ static long lnkConst_loadArray(struct link *plink, short dbrType, void *pbuffer,
}
else {
/* Long string conversion */
if (*pnReq > 0) {
strncpy(pbuffer, clink->value.scalar_string, *pnReq);
((char *)pbuffer)[*pnReq] = 0;
((char *)pbuffer)[*pnReq - 1] = 0;
nElems = strlen(pbuffer) + 1;
}
status = 0;
}
break;