Replace all calls to strncpy with strlcpy, use strdup more, expose strlcat (#3866)

strlcpy doesn't zero the buffer and ensures null termination, just like snprintf strlcat is already used by mjs and it's a safe alternative to strcat, so it should be OK to expose to apps
2025-12-12 12:42:30 +04:00 · 2024-09-07 18:16:56 +02:00
parent 9bdf41d8ff
commit 8672a1d94c
18 changed files with 47 additions and 47 deletions
--- a/lib/mjs/common/frozen/frozen.c
+++ b/lib/mjs/common/frozen/frozen.c
@@ -37,7 +37,7 @@
 #ifdef _WIN32
 #undef snprintf
 #undef vsnprintf
-#define snprintf cs_win_snprintf
+#define snprintf  cs_win_snprintf
 #define vsnprintf cs_win_vsnprintf
 int cs_win_snprintf(char* str, size_t size, const char* format, ...);
 int cs_win_vsnprintf(char* str, size_t size, const char* format, va_list ap);
@@ -150,7 +150,8 @@ static int json_isspace(int ch) {
 }

 static void json_skip_whitespaces(struct frozen* f) {
-    while(f->cur < f->end && json_isspace(*f->cur)) f->cur++;
+    while(f->cur < f->end && json_isspace(*f->cur))
+        f->cur++;
 }

 static int json_cur(struct frozen* f) {
@@ -263,15 +264,18 @@ static int json_parse_number(struct frozen* f) {
        f->cur += 2;
        EXPECT(f->cur < f->end, JSON_STRING_INCOMPLETE);
        EXPECT(json_isxdigit(f->cur[0]), JSON_STRING_INVALID);
-        while(f->cur < f->end && json_isxdigit(f->cur[0])) f->cur++;
+        while(f->cur < f->end && json_isxdigit(f->cur[0]))
+            f->cur++;
    } else {
        EXPECT(json_isdigit(f->cur[0]), JSON_STRING_INVALID);
-        while(f->cur < f->end && json_isdigit(f->cur[0])) f->cur++;
+        while(f->cur < f->end && json_isdigit(f->cur[0]))
+            f->cur++;
        if(f->cur < f->end && f->cur[0] == '.') {
            f->cur++;
            EXPECT(f->cur < f->end, JSON_STRING_INCOMPLETE);
            EXPECT(json_isdigit(f->cur[0]), JSON_STRING_INVALID);
-            while(f->cur < f->end && json_isdigit(f->cur[0])) f->cur++;
+            while(f->cur < f->end && json_isdigit(f->cur[0]))
+                f->cur++;
        }
        if(f->cur < f->end && (f->cur[0] == 'e' || f->cur[0] == 'E')) {
            f->cur++;
@@ -279,7 +283,8 @@ static int json_parse_number(struct frozen* f) {
            if((f->cur[0] == '+' || f->cur[0] == '-')) f->cur++;
            EXPECT(f->cur < f->end, JSON_STRING_INCOMPLETE);
            EXPECT(json_isdigit(f->cur[0]), JSON_STRING_INVALID);
-            while(f->cur < f->end && json_isdigit(f->cur[0])) f->cur++;
+            while(f->cur < f->end && json_isdigit(f->cur[0]))
+                f->cur++;
        }
    }
    json_truncate_path(f, fstate.path_len);
@@ -639,8 +644,7 @@ int json_vprintf(struct json_out* out, const char* fmt, va_list xap) {
                int need_len, size = sizeof(buf);
                char fmt2[20];
                va_list ap_copy;
-                strncpy(fmt2, fmt, n + 1 > (int)sizeof(fmt2) ? sizeof(fmt2) : (size_t)n + 1);
-                fmt2[n + 1] = '\0';
+                strlcpy(fmt2, fmt, sizeof(fmt2));

                va_copy(ap_copy, ap);
                need_len = vsnprintf(pbuf, size, fmt2, ap_copy);
@@ -1047,7 +1051,7 @@ int json_vscanf(const char* s, int len, const char* fmt, va_list ap) {

    while(fmt[i] != '\0') {
        if(fmt[i] == '{') {
-            strcat(path, ".");
+            strlcat(path, ".", sizeof(path));
            i++;
        } else if(fmt[i] == '}') {
            if((p = strrchr(path, '.')) != NULL) *p = '\0';
@@ -1160,7 +1164,8 @@ struct json_setf_data {

 static int get_matched_prefix_len(const char* s1, const char* s2) {
    int i = 0;
-    while(s1[i] && s2[i] && s1[i] == s2[i]) i++;
+    while(s1[i] && s2[i] && s1[i] == s2[i])
+        i++;
    return i;
 }

@@ -1235,7 +1240,8 @@ int json_vsetf(
        /* Trim comma after the value that begins at object/array start */
        if(s[data.prev - 1] == '{' || s[data.prev - 1] == '[') {
            int i = data.end;
-            while(i < len && json_isspace(s[i])) i++;
+            while(i < len && json_isspace(s[i]))
+                i++;
            if(s[i] == ',') data.end = i + 1; /* Point after comma */
        }
        json_printf(out, "%.*s", len - data.end, s + data.end);
@@ -1305,7 +1311,8 @@ struct prettify_data {
 };

 static void indent(struct json_out* out, int level) {
-    while(level-- > 0) out->printer(out, "  ", 2);
+    while(level-- > 0)
+        out->printer(out, "  ", 2);
 }

 static void print_key(struct prettify_data* pd, const char* path, const char* name, int name_len) {
--- a/lib/mjs/mjs_json.c
+++ b/lib/mjs/mjs_json.c
@@ -138,8 +138,7 @@ MJS_PRIVATE mjs_err_t to_json_or_debug(
        vp < mjs->json_visited_stack.buf + mjs->json_visited_stack.len;
        vp += sizeof(mjs_val_t)) {
        if(*(mjs_val_t*)vp == v) {
-            strncpy(buf, "[Circular]", size);
-            len = 10;
+            len = strlcpy(buf, "[Circular]", size);
            goto clean;
        }
    }