Package: ppdfilt Version: 2:0.10-4 Severity: minor Tags: patch Running valgrind over ppdfilt results in messages like:
==6187== Source and destination overlap in strcpy(0xBEFD0BC2, 0xBEFD0BC3) ==6187== at 0x401EA27: strcpy (mc_replace_strmem.c:106) ==6187== by 0x4026B10: ppd_file_new_from_filep (ppd.c:743) ==6187== by 0x4027B31: ppd_file_new (ppd.c:1140) ==6187== by 0x8049246: SetCommonOptions (ppdfilt.c:1118) ==6187== by 0x804A3BE: main (ppdfilt.c:444) ==6187== ==6187== Source and destination overlap in strcpy(0xBEFD0BEB, 0xBEFD0BEC) ==6187== at 0x401EA27: strcpy (mc_replace_strmem.c:106) ==6187== by 0x4027186: ppd_file_new_from_filep (ppd.c:861) ==6187== by 0x4027B31: ppd_file_new (ppd.c:1140) ==6187== by 0x8049246: SetCommonOptions (ppdfilt.c:1118) ==6187== by 0x804A3BE: main (ppdfilt.c:444) ==6187== ==6187== Source and destination overlap in strcpy(0xBEFD0B99, 0xBEFD0B9A) ==6187== at 0x401EA27: strcpy (mc_replace_strmem.c:106) ==6187== by 0x4027A73: ppd_file_new_from_filep (ppd.c:1039) ==6187== by 0x4027B31: ppd_file_new (ppd.c:1140) ==6187== by 0x8049246: SetCommonOptions (ppdfilt.c:1118) ==6187== by 0x804A3BE: main (ppdfilt.c:444) ==6187== ==6187== Source and destination overlap in strcpy(0xBEFD0B70, 0xBEFD0B71) ==6187== at 0x401EA27: strcpy (mc_replace_strmem.c:106) ==6187== by 0x4027A8E: ppd_file_new_from_filep (ppd.c:1042) ==6187== by 0x4027B31: ppd_file_new (ppd.c:1140) ==6187== by 0x8049246: SetCommonOptions (ppdfilt.c:1118) ==6187== by 0x804A3BE: main (ppdfilt.c:444) Attached patch makes them go away. (I don't know of any arch where this breaks currently, but it may in the future and having a clean valgrind output makes looking for other stuff much easier). Hochachtungsvoll, Bernhard R. Link
diff -r -u -p libppd-0.10.original/src/ppd.c libppd-0.10/src/ppd.c
--- libppd-0.10.original/src/ppd.c 2001-07-19 20:23:02.000000000 +0200
+++ libppd-0.10/src/ppd.c 2007-05-08 12:35:50.000000000 +0200
@@ -740,7 +740,7 @@ PpdFile *ppd_file_new_from_filep(FILE *
 } else if (strcmp(keyword, "OpenUI") == 0) {
 /* Add an option record to the current sub-group, group, or file... */
 if (name[0] == '*')
- strcpy(name, name + 1);
+ memmove(name, name + 1, strlen(name));
 if (string == NULL)
 goto failout1;
@@ -807,7 +807,7 @@ PpdFile *ppd_file_new_from_filep(FILE *
 // Add an option record to the current JCLs...
 if (name[0] == '*')
- strcpy(name, name + 1);
+ memmove(name, name + 1, strlen(name));
 if ((option = ppd_get_option(group, name)) == NULL)
 option = ppd_option_new(group, keyword);
@@ -828,11 +828,12 @@ PpdFile *ppd_file_new_from_filep(FILE *
 || strcmp(keyword, "JCLCloseUI") == 0)
 option = NULL;
 else if (strcmp(keyword, "OpenGroup") == 0) {
+ char *h;
 // Open a new group...
 if (group != NULL)
 goto failout;
- if (strchr(string, '/') != NULL) // Just show human readable text
- strcpy(string, strchr(string, '/') + 1);
+ if ((h = strchr(string, '/')) != NULL) // Just show human readable text
+ memmove(string, h, strlen(h)+1);
 ppd_decode(string);
 ppd_fix(string);
@@ -858,7 +859,7 @@ PpdFile *ppd_file_new_from_filep(FILE *
 if (sscanf(string, "%f%40s%40s", &order, name, keyword) != 3)
 goto failout;
 if (keyword[0] == '*')
- strcpy(keyword, keyword + 1);
+ memmove(keyword, keyword + 1, strlen(keyword));
 if (strcmp(name, "ExitServer") == 0)
 section = PPD_ORDER_EXIT;
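Review bot: The byte count in `memmove(name, name + 1, strlen(name));` (hunk at -740) is correct but reads as if the terminator had been forgotten, because it relies on `strlen(name)` being equal to `strlen(name + 1) + 1`. A one-line comment above the call, for example `/* strlen(name) bytes = the remaining text plus its NUL */`, would stop a later reader from "correcting" the length and reintroducing an off-by-one. The same comment applies to the identical calls in the hunks at -807 (`name`) and -859 (`keyword`). The enclosing function ppd_file_new_from_filep starts and ends outside these hunks.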
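Review bot: In the OpenGroup hunk at -828 the new `memmove(string, h, strlen(h)+1);` copies starting at the '/' itself, while the removed `strcpy(string, strchr(string, '/') + 1);` copied from the character after it, so the group text passed to ppd_decode() and ppd_fix() now keeps a leading slash. The source pointer should be `h + 1`, i.e. `memmove(string, h + 1, strlen(h));`, where `strlen(h)` already covers the shortened text plus its terminator. This is a behaviour change rather than a pure overlap fix, which the report does not mention and presumably did not intend. The rest of the OpenGroup branch lies outside the hunk.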
@@ -1003,46 +1004,44 @@ PpdFile *ppd_file_new_from_filep(FILE *
 break;
 case 2: // Two options...
 if (copt1[0] == '*')
- strcpy(copt1, copt1 + 1);
+ constraint->option1 = g_string_new(copt1 + 1);
+ else
+ constraint->option1 = g_string_new(copt1);
 if (cchoice1[0] == '*')
- strcpy(copt2, cchoice1 + 1);
+ constraint->option2 = g_string_new(cchoice1 + 1);
 else
- strcpy(copt2, cchoice1);
+ constraint->option2 = g_string_new(cchoice1);
- constraint->option1 = g_string_new(copt1);
- constraint->option2 = g_string_new(copt2);
 break;
 case 3: // Two options, one choice...
 if (copt1[0] == '*')
- strcpy(copt1, copt1 + 1);
- constraint->option1 = g_string_new(copt1);
+ constraint->option1 = g_string_new(copt1 + 1);
+ else
+ constraint->option1 = g_string_new(copt1);
 if (cchoice1[0] == '*') {
- strcpy(cchoice2, copt2);
- strcpy(copt2, cchoice1 + 1);
- cchoice1[0] = '\0';
-
- constraint->choice2 = g_string_new(cchoice2);
- constraint->option2 = g_string_new(copt2);
+ constraint->choice2 = g_string_new(copt2);
+ constraint->option2 = g_string_new(cchoice1 + 1);
 } else {
 if (copt2[0] == '*')
- strcpy(copt2, copt2 + 1);
-
- constraint->option2 = g_string_new(copt2);
- cchoice2[0] = '\0';
+ constraint->option2 = g_string_new(copt2 + 1);
+ else
+ constraint->option2 = g_string_new(copt2);
 }
 break;
 case 4: // Two options, two choices...
 if (copt1[0] == '*')
- strcpy(copt1, copt1 + 1);
+ constraint->option1 = g_string_new(copt1 + 1);
+ else
+ constraint->option1 = g_string_new(copt1);
 if (copt2[0] == '*')
- strcpy(copt2, copt2 + 1);
+ constraint->option2 = g_string_new(copt2 + 1);
+ else
+ constraint->option2 = g_string_new(copt2);
- constraint->option1 = g_string_new(copt1);
- constraint->option2 = g_string_new(copt2);
 constraint->choice1 = g_string_new(cchoice1);
 constraint->choice2 = g_string_new(cchoice2);
 break;
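Review bot: The rewritten case 2 to case 4 branches no longer touch the scratch buffers: the old code stripped the leading '*' in place and, in case 3, cleared `cchoice1[0] = '\0';` and `cchoice2[0] = '\0';`, and the new code drops all of that. Within the hunk the GString values built for option1, option2 and choice2 match the old ones, but if anything after the switch (outside this hunk) still reads copt1, copt2, cchoice1 or cchoice2, it will now see unstripped and uncleared contents. That should be checked against the rest of the function, or the two clears in case 3 kept. As a style point, each four-line if/else pair can be written as one call, for example `constraint->option1 = g_string_new(copt1[0] == '*' ? copt1 + 1 : copt1);`.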