
[security] Prevent buffer overrun.

Scott Giese 2019-06-15 21:30:54 -05:00
parent 47e3e7baed
commit efcbdcfec2
4 changed files with 38 additions and 38 deletions


@ -431,7 +431,7 @@ void FGFDM::setOutputProperties(float dt)
Rotor*r=(Rotor*)_airplane.getRotorgear()->getRotor(i);
int j = 0;
float f;
char b[256];
char b[300];
while((j = r->getValueforFGSet(j, b, &f)))
if(b[0]) fgSetFloat(b,f);
j=0;
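Review bot: The size of `b` is an unwritten contract with the callee: `char b[300]` here has to match the literal `300` that every `snprintf(text, 300, ...)` in Rotor::getValueforFGSet hard-codes, and the call `r->getValueforFGSet(j, b, &f)` passes no length. If either side is resized alone, the callee's bound no longer describes this buffer. One shared constant in the Rotor header (for example `static const int FGSET_NAME_LEN = 300;`, a name constructed for this note) used for both the array and the snprintf bound, or an extra `sizeof(b)` argument, would keep the two tied together. The enclosing loop in setOutputProperties starts and ends outside this hunk.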


@ -273,7 +273,7 @@ int Rotor::getValueforFGSet(int j,char *text,float *f)
if (j==0)
{
snprintf(text, 256, "/rotors/%s/cone-deg", _name);
snprintf(text, 300, "/rotors/%s/cone-deg", _name);
*f=(_balance1>-1)?( ((Rotorpart*)getRotorpart(0))->getrealAlpha()
+((Rotorpart*)getRotorpart(1*(_number_of_parts>>2)))->getrealAlpha()
+((Rotorpart*)getRotorpart(2*(_number_of_parts>>2)))->getrealAlpha()
@ -282,7 +282,7 @@ int Rotor::getValueforFGSet(int j,char *text,float *f)
}
else if (j==1)
{
snprintf(text, 256, "/rotors/%s/roll-deg", _name);
snprintf(text, 300, "/rotors/%s/roll-deg", _name);
_roll = ( ((Rotorpart*)getRotorpart(0))->getrealAlpha()
-((Rotorpart*)getRotorpart(2*(_number_of_parts>>2)))->getrealAlpha()
)/2*(_ccw?-1:1);
@ -290,7 +290,7 @@ int Rotor::getValueforFGSet(int j,char *text,float *f)
}
else if (j==2)
{
snprintf(text, 256, "/rotors/%s/yaw-deg", _name);
snprintf(text, 300, "/rotors/%s/yaw-deg", _name);
_yaw=( ((Rotorpart*)getRotorpart(1*(_number_of_parts>>2)))->getrealAlpha()
-((Rotorpart*)getRotorpart(3*(_number_of_parts>>2)))->getrealAlpha()
)/2;
@ -298,37 +298,37 @@ int Rotor::getValueforFGSet(int j,char *text,float *f)
}
else if (j==3)
{
snprintf(text, 256, "/rotors/%s/rpm", _name);
snprintf(text, 300, "/rotors/%s/rpm", _name);
*f=(_balance1>-1)?_omega/2/pi*60:0;
}
else if (j==4)
{
snprintf(text, 256, "/rotors/%s/tilt/pitch-deg",_name);
snprintf(text, 300, "/rotors/%s/tilt/pitch-deg",_name);
*f=_tilt_pitch*180/pi;
}
else if (j==5)
{
snprintf(text, 256, "/rotors/%s/tilt/roll-deg",_name);
snprintf(text, 300, "/rotors/%s/tilt/roll-deg",_name);
*f=_tilt_roll*180/pi;
}
else if (j==6)
{
snprintf(text, 256, "/rotors/%s/tilt/yaw-deg",_name);
snprintf(text, 300, "/rotors/%s/tilt/yaw-deg",_name);
*f=_tilt_yaw*180/pi;
}
else if (j==7)
{
snprintf(text, 256, "/rotors/%s/balance", _name);
snprintf(text, 300, "/rotors/%s/balance", _name);
*f=_balance1;
}
else if (j==8)
{
snprintf(text, 256, "/rotors/%s/stall",_name);
snprintf(text, 300, "/rotors/%s/stall",_name);
*f=getOverallStall();
}
else if (j==9)
{
snprintf(text, 256, "/rotors/%s/torque",_name);
snprintf(text, 300, "/rotors/%s/torque",_name);
*f=-_torque;;
}
else
@ -339,7 +339,7 @@ int Rotor::getValueforFGSet(int j,char *text,float *f)
return 0;
}
int w=j%3;
snprintf(text, 256, "/rotors/%s/blade[%i]/%s",
snprintf(text, 300, "/rotors/%s/blade[%i]/%s",
_name,b,
w==0?"position-deg":(w==1?"flap-deg":"incidence-deg"));
*f=((Rotorpart*)getRotorpart(0))->getPhi()*180/pi
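Review bot: None of the `snprintf(text, 300, ...)` calls in getValueforFGSet checks its return value, so a rotor name long enough to exceed the bound would still yield a truncated property path with no signal to the caller. The caller shown in FGFDM::setOutputProperties passes that string straight to `fgSetFloat(b,f)`, which would then presumably write to a different property than intended. Capturing the result, e.g. `int n = snprintf(text, 300, ...); if (n < 0 || n >= 300) text[0] = 0;`, would let the caller's existing `if(b[0])` test skip the value. How long `_name` can be is not visible on this page, so whether 300 is always enough should be confirmed against its declaration; the function body begins and ends outside these hunks.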


@ -158,8 +158,8 @@ bool FGATCInput::open() {
analog_in_fd = ::open( analog_in_file, O_RDONLY );
if ( analog_in_fd == -1 ) {
SG_LOG( SG_IO, SG_ALERT, "errno = " << errno );
char msg[256];
snprintf( msg, 256, "Error opening %s", analog_in_file );
char msg[300];
snprintf( msg, 300, "Error opening %s", analog_in_file );
perror( msg );
exit( -1 );
}
@ -167,8 +167,8 @@ bool FGATCInput::open() {
radios_fd = ::open( radios_file, O_RDWR );
if ( radios_fd == -1 ) {
SG_LOG( SG_IO, SG_ALERT, "errno = " << errno );
char msg[256];
snprintf( msg, 256, "Error opening %s", radios_file );
char msg[300];
snprintf( msg, 300, "Error opening %s", radios_file );
perror( msg );
exit( -1 );
}
@ -176,8 +176,8 @@ bool FGATCInput::open() {
switches_fd = ::open( switches_file, O_RDONLY );
if ( switches_fd == -1 ) {
SG_LOG( SG_IO, SG_ALERT, "errno = " << errno );
char msg[256];
snprintf( msg, 256, "Error opening %s", switches_file );
char msg[300];
snprintf( msg, 300, "Error opening %s", switches_file );
perror( msg );
exit( -1 );
}
@ -989,8 +989,8 @@ bool FGATCInput::close() {
result = ::close( analog_in_fd );
if ( result == -1 ) {
SG_LOG( SG_IO, SG_ALERT, "errno = " << errno );
char msg[256];
snprintf( msg, 256, "Error closing %s", analog_in_file );
char msg[300];
snprintf( msg, 300, "Error closing %s", analog_in_file );
perror( msg );
exit( -1 );
}
@ -998,8 +998,8 @@ bool FGATCInput::close() {
result = ::close( radios_fd );
if ( result == -1 ) {
SG_LOG( SG_IO, SG_ALERT, "errno = " << errno );
char msg[256];
snprintf( msg, 256, "Error closing %s", radios_file );
char msg[300];
snprintf( msg, 300, "Error closing %s", radios_file );
perror( msg );
exit( -1 );
}
@ -1007,8 +1007,8 @@ bool FGATCInput::close() {
result = ::close( switches_fd );
if ( result == -1 ) {
SG_LOG( SG_IO, SG_ALERT, "errno = " << errno );
char msg[256];
snprintf( msg, 256, "Error closing %s", switches_file );
char msg[300];
snprintf( msg, 300, "Error closing %s", switches_file );
perror( msg );
exit( -1 );
}
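Review bot: Each error path states the buffer size twice, `char msg[300];` and `snprintf( msg, 300, ... )`, so the two numbers can drift apart the next time one of them is edited. Use `snprintf( msg, sizeof(msg), "Error opening %s", analog_in_file );` in all six blocks of FGATCInput::open() and FGATCInput::close(); the seven blocks in the FGATCOutput section have the same shape. A fixed 300 bytes also still truncates a longer file name, which is harmless for a diagnostic but worth a short comment; the declarations of the `*_file` members are not visible on this page.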


@ -273,8 +273,8 @@ bool FGATCOutput::open( int lock_fd ) {
analog_out_fd = ::open( analog_out_file, O_WRONLY );
if ( analog_out_fd == -1 ) {
SG_LOG( SG_IO, SG_ALERT, "errno = " << errno );
char msg[256];
snprintf( msg, 256, "Error opening %s", analog_out_file );
char msg[300];
snprintf( msg, 300, "Error opening %s", analog_out_file );
perror( msg );
exit( -1 );
}
@ -282,8 +282,8 @@ bool FGATCOutput::open( int lock_fd ) {
lamps_fd = ::open( lamps_file, O_WRONLY );
if ( lamps_fd == -1 ) {
SG_LOG( SG_IO, SG_ALERT, "errno = " << errno );
char msg[256];
snprintf( msg, 256, "Error opening %s", lamps_file );
char msg[300];
snprintf( msg, 300, "Error opening %s", lamps_file );
perror( msg );
exit( -1 );
}
@ -291,8 +291,8 @@ bool FGATCOutput::open( int lock_fd ) {
radio_display_fd = ::open( radio_display_file, O_RDWR );
if ( radio_display_fd == -1 ) {
SG_LOG( SG_IO, SG_ALERT, "errno = " << errno );
char msg[256];
snprintf( msg, 256, "Error opening %s", radio_display_file );
char msg[300];
snprintf( msg, 300, "Error opening %s", radio_display_file );
perror( msg );
exit( -1 );
}
@ -300,8 +300,8 @@ bool FGATCOutput::open( int lock_fd ) {
stepper_fd = ::open( stepper_file, O_RDWR );
if ( stepper_fd == -1 ) {
SG_LOG( SG_IO, SG_ALERT, "errno = " << errno );
char msg[256];
snprintf( msg, 256, "Error opening %s", stepper_file );
char msg[300];
snprintf( msg, 300, "Error opening %s", stepper_file );
perror( msg );
exit( -1 );
}
@ -1076,8 +1076,8 @@ bool FGATCOutput::close() {
result = ::close( lamps_fd );
if ( result == -1 ) {
SG_LOG( SG_IO, SG_ALERT, "errno = " << errno );
char msg[256];
snprintf( msg, 256, "Error closing %s", lamps_file );
char msg[300];
snprintf( msg, 300, "Error closing %s", lamps_file );
perror( msg );
exit( -1 );
}
@ -1085,8 +1085,8 @@ bool FGATCOutput::close() {
result = ::close( radio_display_fd );
if ( result == -1 ) {
SG_LOG( SG_IO, SG_ALERT, "errno = " << errno );
char msg[256];
snprintf( msg, 256, "Error closing %s", radio_display_file );
char msg[300];
snprintf( msg, 300, "Error closing %s", radio_display_file );
perror( msg );
exit( -1 );
}
@ -1094,8 +1094,8 @@ bool FGATCOutput::close() {
result = ::close( stepper_fd );
if ( result == -1 ) {
SG_LOG( SG_IO, SG_ALERT, "errno = " << errno );
char msg[256];
snprintf( msg, 256, "Error closing %s", stepper_file );
char msg[300];
snprintf( msg, 300, "Error closing %s", stepper_file );
perror( msg );
exit( -1 );
}
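Review bot: `perror( msg )` reads errno only after `SG_LOG(...)` and `snprintf` have run, and either may change it, so the printed text can describe a different error than the failed `::open`/`::close`. Save it first with `const int saved_errno = errno;`, log `saved_errno`, and restore it with `errno = saved_errno;` immediately before `perror( msg );`. Whether SG_LOG touches errno is not visible here, so this is a precaution rather than a confirmed bug. The same ordering appears in every block of this section and of the FGATCInput section, and the functions start and end outside the hunks.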