dbPutString can leave strings unterminated
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
EPICS Base | Fix Released | Low | mdavidsaver |
3.14 | Fix Released | Low | mdavidsaver |
3.15 | Fix Released | Low | mdavidsaver |
3.16 | Fix Released | Low | mdavidsaver |
Bug Description
If a db file initializes a stringin or stringout record w/ a constant string > 40 char,
the string does not get terminated.
This, coupled w/ a strcpy(
both stringin and stringout can crash the ioc if the memory in oval wasn't pre-initialized to 0's.
The problem code is in dbStatic/
switch (pflddes-
case DBF_STRING:
if(!pfield) return(
strncpy((char *)pfield, pstring,
should be
((char *)pfield)
It might also be a good idea to change the strcpy calls in stringinRecord and stringoutRecord to strncpy.
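The two copy patterns the report contrasts, as an added example that is not EPICS Base code: `strncpy` with the full field size, which writes no terminator when the source fills the buffer, beside the proposed `size-1` copy with an explicit NUL. The field size of 40, the function names and the poisoned-buffer setup are assumptions made for the demonstration; the long value is a constructed test string.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not EPICS Base code. FIELD_SIZE mirrors the 40-byte
 * DBF_STRING field discussed in the report; all names here are assumed. */
#define FIELD_SIZE 40

/* Returns 1 if buf contains a NUL within its first size bytes, 0 otherwise.
 * A later strcpy/strlen on an unterminated field reads past the buffer. */
static int is_terminated(const char *buf, size_t size)
{
    return memchr(buf, '\0', size) != NULL;
}

/* The pattern the report describes: strncpy with the whole field size.
 * When strlen(src) >= size, strncpy copies size bytes and no terminator. */
static void put_string_unterminated(char *field, size_t size, const char *src)
{
    strncpy(field, src, size);
}

/* The fix the report proposes: copy at most size-1 bytes and force
 * field[size-1] to NUL, so the value is truncated but is always a C string. */
static void put_string_fixed(char *field, size_t size, const char *src)
{
    strncpy(field, src, size - 1);
    field[size - 1] = '\0';
}

/* Returns 1 if the original copy leaves the field unterminated for src.
 * The buffer is filled with 'X' first: pre-zeroed memory would hide the
 * problem, which is exactly why the crash is intermittent in practice. */
int leaves_unterminated(const char *src)
{
    char field[FIELD_SIZE];
    memset(field, 'X', sizeof field);     /* simulate uninitialised memory */
    put_string_unterminated(field, sizeof field, src);
    return !is_terminated(field, sizeof field);
}

/* Returns the length a caller observes after the fixed copy; never more
 * than FIELD_SIZE-1, and strlen is safe because a NUL is guaranteed. */
size_t fixed_length(const char *src)
{
    char field[FIELD_SIZE];
    memset(field, 'X', sizeof field);
    put_string_fixed(field, sizeof field, src);
    return strlen(field);
}

int main(void)
{
    /* constructed 46-character value, longer than the 40-byte field */
    const char *longval = "0123456789012345678901234567890123456789ABCDEF";
    printf("strncpy(size) leaves field unterminated: %s\n",
           leaves_unterminated(longval) ? "yes" : "no");
    printf("after fix: strlen = %zu (max %d)\n",
           fixed_length(longval), FIELD_SIZE - 1);
    return 0;
}
```

Running it shows the first copy producing a buffer with no NUL anywhere in its 40 bytes, while the fixed copy yields a 39-character string. A short value is unaffected by either variant, since `strncpy` pads the remainder with NULs; that is why the bug only surfaces for constants longer than the field.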
no longer affects: epics-base/3.12
no longer affects: epics-base/3.13
Attempted a fix with http://bazaar.launchpad.net/~epics-core/epics-base/3.14/revision/12620. This moves the field size test up before the string copy. Also made the change to "size-1".
Bruce could you please verify that this fixes the crash you see? If it doesn't please attach a .db file demonstrating the issue. This is clearly a bug, but from a quick test I couldn't actually cause a crash.