AWARE SYSTEMS
TIFF and LibTiff Mail List Archive

2010.07.12 20:31 "Re: [Tiff] strncpy in tiffcrop", by Edward Lam

Richard Nolde wrote:
>> I only see problematic uses of strncpy in tiffcrop. The other uses of
>>

> I'm usually pretty careful to make sure that the buffer is large enough to hold the original string plus the terminating NULL, but I'll check the code when I get a chance.

I must admit that I only took a cursory look at the code, to note whether we failed to NUL terminate after calling strncpy(), so it could very well be that tiffcrop's use of strncpy() is OK. I had intended more to point out that the other cases should be fine because we already NUL terminated immediately afterwards.

I'll just note that the problem with failing to NUL terminate after calling strncpy() is not that there might be insufficient memory. Let's take the first strncpy() call in tiffcrop.c's update_output_file() function as an example:

     strncpy (exportname, outname, PATH_MAX - 15);

If strlen(outname) >= (PATH_MAX-15), then we will end up with a potentially unterminated exportname string (depending on the contents of the stack after PATH_MAX - 15 characters).

> You may want to look at tiffcp as well (which I do not maintain).

I don't see any strcpy() or strncpy() calls in it, although I did spot a few fixed-length char buffers that may or may not be handled properly. :)

Best Regards,

-Edward
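
Added example, not part of the message above and not libtiff code: it reproduces the unterminated-copy condition described for the strncpy() call and shows a bounded copy that always terminates and reports truncation. BUF_SIZE is a small stand-in for PATH_MAX, and copy_terminated(), strncpy_terminated() and the file names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE   32               /* stand-in for PATH_MAX (assumption) */
#define COPY_LIMIT (BUF_SIZE - 15)  /* mirrors the PATH_MAX - 15 bound */

/* Returns 1 if strncpy() alone left a NUL within the first COPY_LIMIT
 * bytes, 0 if the copied region is unterminated. */
int strncpy_terminated(const char *src)
{
    char buf[BUF_SIZE];
    memset(buf, 'X', sizeof buf);   /* simulate stale, non-zero stack bytes */
    strncpy(buf, src, COPY_LIMIT);
    return memchr(buf, '\0', COPY_LIMIT) != NULL;
}

/* Hypothetical helper: bounded copy that always NUL terminates.
 * Returns 0 on a full copy, 1 if src was truncated, -1 on bad arguments. */
int copy_terminated(char *dst, size_t dstsize, const char *src)
{
    size_t len;
    if (dst == NULL || src == NULL || dstsize == 0)
        return -1;
    len = strlen(src);
    if (len >= dstsize) {
        memcpy(dst, src, dstsize - 1);
        dst[dstsize - 1] = '\0';
        return 1;                   /* caller decides how to handle truncation */
    }
    memcpy(dst, src, len + 1);      /* includes the terminator */
    return 0;
}

int main(void)
{
    const char *shortname = "out.tif";                     /* constructed */
    const char *longname  = "a-very-long-output-name.tif"; /* constructed */
    char exportname[BUF_SIZE];
    int rc;

    printf("short name terminated by strncpy: %d\n", strncpy_terminated(shortname));
    printf("long name terminated by strncpy:  %d\n", strncpy_terminated(longname));

    /* COPY_LIMIT characters plus the NUL, leaving room for a suffix. */
    rc = copy_terminated(exportname, COPY_LIMIT + 1, longname);
    printf("rc=%d exportname=\"%s\" len=%zu\n", rc, exportname, strlen(exportname));
    return 0;
}
```

A source of exactly COPY_LIMIT characters is also left unterminated by strncpy(), which is the `>=` boundary in the condition above.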