Fix "sz" parameter in calls to strncpy() - possible buffer overflow or string truncation

Author: kamahen

libhdt/src/libdcs/CSD_FMIndex.cpp

@@ -90,7 +90,7 @@ CSD_FMIndex::CSD_FMIndex(hdt::IteratorUCharString *it, bool sparse_bitsequence,
     // Checking the current size of the encoded
     // sequence: realloc if necessary
     if ((total + currentLength + 1) > reservedSize) {
-      while (((size_t)total + currentLength + 1) > reservedSize) {
+      while ((total + currentLength + 1) > reservedSize) {
         reservedSize <<= 1;
         if (reservedSize == 0) {
           reservedSize = ((size_t)total + currentLength) * 2;
@@ -99,7 +99,7 @@ CSD_FMIndex::CSD_FMIndex(hdt::IteratorUCharString *it, bool sparse_bitsequence,
       text =
           (unsigned char *)realloc(text, reservedSize * sizeof(unsigned char));
     }
-    strncpy((char *)(text + total), (char *)currentStr, currentLength);
+    strncpy((char *)(text + total), (char *)currentStr, reservedSize - total);
 
     total += currentLength;
 
@@ -118,7 +118,7 @@ CSD_FMIndex::CSD_FMIndex(hdt::IteratorUCharString *it, bool sparse_bitsequence,
   textFinal = new char[total + 1];
   //	cout<<"testing:total cpy:"<<total<<endl;
   //	cout<<"testing:text:"<<text<<endl;
-  strncpy((char *)(textFinal), (char *)text, total);
+  strncpy((char *)(textFinal), (char *)text, total + 1);
   textFinal[total] = '\0'; // end of the text
   //	cout<<"testing:textFinal:"<<textFinal<<endl;
 

libhdt/src/libdcs/CSD_HTFC.cpp

@@ -93,7 +93,7 @@ CSD_HTFC::CSD_HTFC(hdt::IteratorUCharString *it, uint32_t blocksize,
 
       // The string is explicitly copied to the
       // encoded sequence.
-      strncpy((char *)(textfc + bytesfc), (char *)currentStr, currentLength);
+      strncpy((char *)(textfc + bytesfc), (char *)currentStr, reservedSize - bytesfc);
       bytesfc += currentLength;
 
       // cout << nblocks-1 << "," << length << " => " << currentStr << endl;
@@ -113,7 +113,7 @@ CSD_HTFC::CSD_HTFC(hdt::IteratorUCharString *it, uint32_t blocksize,
 
       // The suffix is copied to the sequence
       strncpy((char *)(textfc + bytesfc), (char *)currentStr + delta,
-              currentLength - delta);
+              reservedSize - bytesfc);
       bytesfc += currentLength - delta;
       // cout << nblocks-1 << "," << length << " => " << currentStr << endl;
     }
@@ -333,7 +333,7 @@ void CSD_HTFC::dumpBlock(uint block) {
   uint idInBlock = 0;
 
   // Reading the first string
-  strncpy((char *)string, (char *)(text + pos), slen);
+  strncpy((char *)string, (char *)(text + pos), maxlength + 1);
   string[slen] = '\0';
   pos += slen;
 
@@ -352,7 +352,7 @@ void CSD_HTFC::dumpBlock(uint block) {
 
     // Copying the suffix
     slen = strlen((char *)text + pos) + 1;
-    strncpy((char *)(string + delta), (char *)(text + pos), slen);
+    strncpy((char *)(string + delta), (char *)(text + pos), maxlength - delta + 1);
 
     cout << block * blocksize + idInBlock << " (" << idInBlock << ") => "
          << string << " Delta=" << delta << " Len=" << slen << endl;

libhdt/src/libdcs/CSD_PFC.cpp

@@ -81,7 +81,7 @@ CSD_PFC::CSD_PFC(hdt::IteratorUCharString *it, uint32_t blocksize,
       nblocks++;
 
       // The string is explicitly copied to the encoded sequence.
-      strncpy((char *)(text + bytes), (char *)currentStr, currentLength);
+      strncpy((char *)(text + bytes), (char *)currentStr, reservedSize - bytes);
       bytes += currentLength;
     } else {
       // Regular string
@@ -96,7 +96,7 @@ CSD_PFC::CSD_PFC(hdt::IteratorUCharString *it, uint32_t blocksize,
 
       // The suffix is copied to the sequence
       strncpy((char *)(text + bytes), (char *)currentStr + delta,
-              currentLength - delta);
+              reservedSize - bytes);
       bytes += currentLength - delta;
     }
 

libhdt/src/triples/TripleListDisk.cpp

@@ -303,7 +303,7 @@ void TripleListDisk::insert(TripleID &triple)
 
 	//cout << "Insert: " <<&pointer[numTotalTriples] << "* "<< triple << " "<<sizeof(TripleID) << endl;
 
-	memcpy(&arrayTriples[numTotalTriples], &triple, sizeof(TripleID));
+	arrayTriples[numTotalTriples] = triple;
 	numTotalTriples++;
 	numValidTriples++;
 	//cout << "Inserted: "<< numTotalTriples << endl;