Added cmake support and replaced unsafe string functions with safe ones#25
Open
chrysante wants to merge 4 commits intorxi:masterfrom
Open
Added cmake support and replaced unsafe string functions with safe ones#25chrysante wants to merge 4 commits intorxi:masterfrom
chrysante wants to merge 4 commits intorxi:masterfrom
Conversation
rilysh
reviewed
Mar 29, 2024
| sscanf(rh->owner, "%o", &h->owner); | ||
| sscanf(rh->size, "%o", &h->size); | ||
| sscanf(rh->mtime, "%o", &h->mtime); | ||
| sscanf(rh->mode, "%8o", &h->mode); |
There was a problem hiding this comment.
You don't need to specify octal size for h->mode, h->owner, and h->mtime. They're fixed values and guaranteed will not "overflow" from it's range.
rilysh
reviewed
Mar 29, 2024
src/microtar.c
Outdated
| strcpy(h->linkname, rh->linkname); | ||
|
|
||
| // Here we can memcpy because both buffers have the same size | ||
| memcpy(h->name, rh->name, name_buf_width); |
There was a problem hiding this comment.
Use sizeof for array here for either h->name or rh->name. They both are same sized.
rilysh
reviewed
Mar 29, 2024
| sprintf(rh->owner, "%o", h->owner); | ||
| sprintf(rh->size, "%o", h->size); | ||
| sprintf(rh->mtime, "%o", h->mtime); | ||
| snprintf(rh->mode, 8, "%o", h->mode); |
There was a problem hiding this comment.
Same, you don't need to explicitly specify size here. It will not overflow
rilysh
reviewed
Mar 29, 2024
src/microtar.c
Outdated
| /* Build header */ | ||
| memset(&h, 0, sizeof(h)); | ||
| strcpy(h.name, name); | ||
| guarded_strcpy(h.name, name, name_buf_width); |
|
Considering the project activity was about 6 or 7 years ago, and since then no PRs are merged, I think you should generally avoid the hassle of creating PRs on this repository. Instead, you may wanna apply (your changes) in your local tree (project). |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
I modified the library to make it fit for my use and I thought I share it here.
The
nameandlinknamefields in themtar_header_tstruct are both 100 bytes long as mandated by the tar format. The tar format does allow longer names but this seems not supported by this library. Filename size is not checked by the library resulting in corrupted archives if a longer name is specified. I changed the behaviour to printing an error message and callingabort()if a name longer than 100 characters (including null terminator) is specified.While I was at it I also changed all other string functions that are considered unsafe to their safe alternatives.