From d8cd08d0ed8e5381e824b0da5dac5e621be6aa57 Mon Sep 17 00:00:00 2001
From: zimoch <zimoch>
Date: Thu, 12 Jan 2012 08:07:54 +0000
Subject: [PATCH] char arrays are now always 0 terminated when fetching strings
 with $ suffix

---
 fix-907761.patch   | 70 ++++++++++++++++++++++++++++++++++++++++++++++
 src/db/dbAccess.c  |  8 +++---
 src/db/dbConvert.c |  8 ++++++
 3 files changed, 82 insertions(+), 4 deletions(-)
 create mode 100644 fix-907761.patch

diff --git a/fix-907761.patch b/fix-907761.patch
new file mode 100644
index 000000000..d9f5d26aa
--- /dev/null
+++ b/fix-907761.patch
@@ -0,0 +1,70 @@
+=== modified file 'src/db/dbAccess.c'
+--- src/db/dbAccess.c	2010-10-05 19:27:37 +0000
++++ src/db/dbAccess.c	2012-01-06 00:11:42 +0000
+@@ -969,7 +969,7 @@
+ 
+         case DBR_CHAR:
+         case DBR_UCHAR:
+-            if (nRequest && *nRequest > 1) {
++            if (nRequest && *nRequest > 0) {
+                 maxlen = *nRequest - 1;
+                 break;
+             }
+@@ -984,8 +984,8 @@
+         if (!status) status = dbFindField(&dbEntry, pfldDes->name);
+         if (!status) {
+             rtnString = dbGetString(&dbEntry);
+-            strncpy(pbuf, rtnString, maxlen - 1);
+-            pbuf[maxlen - 1] = 0;
++            strncpy(pbuf, rtnString, maxlen);
++            pbuf[maxlen] = 0;
+         }
+         dbFinishEntry(&dbEntry);
+     } else {
+@@ -1028,7 +1028,7 @@
+ 
+         case DBR_CHAR:
+         case DBR_UCHAR:
+-            if (nRequest && *nRequest > 1) {
++            if (nRequest && *nRequest > 0) {
+                 maxlen = *nRequest - 1;
+                 break;
+             }
+@@ -1037,8 +1037,8 @@
+             return S_db_badDbrtype;
+         }
+ 
+-        strncpy(pbuf, (char *)paddr->pfield, maxlen - 1);
+-        pbuf[maxlen - 1] = 0;
++        strncpy(pbuf, (char *)paddr->pfield, maxlen);
++        pbuf[maxlen] = 0;
+         return 0;
+     }
+ 
+
+=== modified file 'src/db/dbConvert.c'
+--- src/db/dbConvert.c	2009-04-23 18:49:40 +0000
++++ src/db/dbConvert.c	2012-01-06 00:13:33 +0000
+@@ -416,6 +416,10 @@
+     char *pbuffer = (char *)pto;
+     char *psrc=(char *)(paddr->pfield);
+ 
++    if (paddr->pfldDes->field_type == DBF_STRING) {
++        pbuffer[--nRequest] = 0;
++        if (nRequest == 0) return(0);
++    }
+     if(nRequest==1 && offset==0) {
+ 	*pbuffer = *psrc;
+ 	return(0);
+@@ -436,6 +440,10 @@
+     unsigned char *pbuffer = (unsigned char *)pto;
+     char *psrc=(char *)(paddr->pfield);
+ 
++    if (paddr->pfldDes->field_type == DBF_STRING) {
++        pbuffer[--nRequest] = 0;
++        if (nRequest == 0) return(0);
++    }
+     if(nRequest==1 && offset==0) {
+ 	*pbuffer = *psrc;
+ 	return(0);
+
diff --git a/src/db/dbAccess.c b/src/db/dbAccess.c
index 0c5e2973e..5659b75fe 100644
--- a/src/db/dbAccess.c
+++ b/src/db/dbAccess.c
@@ -964,14 +964,13 @@ long epicsShareAPI dbGetField(DBADDR *paddr,short dbrType,
         switch (dbrType) {
         case DBR_STRING:
             maxlen = MAX_STRING_SIZE - 1;
-            pbuf[maxlen] = 0;
             if (nRequest && *nRequest > 1) *nRequest = 1;
             break;
 
         case DBR_CHAR:
         case DBR_UCHAR:
             if (nRequest && *nRequest > 0) {
-                maxlen = *nRequest;
+                maxlen = *nRequest - 1;
                 break;
             }
             /* else fall through ... */
@@ -986,6 +985,7 @@ long epicsShareAPI dbGetField(DBADDR *paddr,short dbrType,
         if (!status) {
             rtnString = dbGetString(&dbEntry);
             strncpy(pbuf, rtnString, maxlen);
+            pbuf[maxlen] = 0;
         }
         dbFinishEntry(&dbEntry);
     } else {
@@ -1023,14 +1023,13 @@ long epicsShareAPI dbGet(DBADDR *paddr, short dbrType,
         switch (dbrType) {
         case DBR_STRING:
             maxlen = MAX_STRING_SIZE - 1;
-            pbuf[maxlen] = 0;
             if (nRequest && *nRequest > 1) *nRequest = 1;
             break;
 
         case DBR_CHAR:
         case DBR_UCHAR:
             if (nRequest && *nRequest > 0) {
-                maxlen = *nRequest;
+                maxlen = *nRequest - 1;
                 break;
             }
             /* else fall through ... */
@@ -1039,6 +1038,7 @@ long epicsShareAPI dbGet(DBADDR *paddr, short dbrType,
         }
 
         strncpy(pbuf, (char *)paddr->pfield, maxlen);
+        pbuf[maxlen] = 0;
         return 0;
     }
 
diff --git a/src/db/dbConvert.c b/src/db/dbConvert.c
index f370e0aa2..e2bb9df42 100644
--- a/src/db/dbConvert.c
+++ b/src/db/dbConvert.c
@@ -416,6 +416,10 @@ static long getCharChar(
     char *pbuffer = (char *)pto;
     char *psrc=(char *)(paddr->pfield);
 
+    if (paddr->pfldDes->field_type == DBF_STRING) {
+        pbuffer[--nRequest] = 0;
+        if (nRequest == 0) return(0);
+    }
     if(nRequest==1 && offset==0) {
 	*pbuffer = *psrc;
 	return(0);
@@ -436,6 +440,10 @@ static long getCharUchar(
     unsigned char *pbuffer = (unsigned char *)pto;
     char *psrc=(char *)(paddr->pfield);
 
+    if (paddr->pfldDes->field_type == DBF_STRING) {
+        pbuffer[--nRequest] = 0;
+        if (nRequest == 0) return(0);
+    }
     if(nRequest==1 && offset==0) {
 	*pbuffer = *psrc;
 	return(0);