[asterisk-commits] tilghman: branch 1.4 r237573 - /branches/1.4/main/say.c

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Mon Jan 4 15:45:49 CST 2010 

Author: tilghman
Date: Mon Jan  4 15:45:46 2010
New Revision: 237573

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=237573
Log:
Bounds checking for input string
(closes issue #16407)
 Reported by: qwell
 Patches: 
       20100104__issue16407.diff.txt uploaded by tilghman (license 14)

Modified:
    branches/1.4/main/say.c

Modified: branches/1.4/main/say.c
URL: http://svnview.digium.com/svn/asterisk/branches/1.4/main/say.c?view=diff&rev=237573&r1=237572&r2=237573
==============================================================================
--- branches/1.4/main/say.c (original)
+++ branches/1.4/main/say.c Mon Jan  4 15:45:46 2010
@@ -3253,9 +3253,9 @@
 			/* NOTE:  if you add more options here, please try to be consistent with strftime(3) */
 			case '\'':
 				/* Literal name of a sound file */
-				sndoffset=0;
-				for (sndoffset=0 ; (format[++offset] != '\'') && (sndoffset < sizeof(sndfile) - 1) ; sndoffset++)
+				for (sndoffset = 0; !strchr("\'\0", format[++offset]) && (sndoffset < sizeof(sndfile) - 1) ; sndoffset++) {
 					sndfile[sndoffset] = format[offset];
+				}
 				sndfile[sndoffset] = '\0';
 				res = wait_file(chan,ints,sndfile,lang);
 				break;
@@ -3501,9 +3501,9 @@
 			/* NOTE:  if you add more options here, please try to be consistent with strftime(3) */
 			case '\'':
 				/* Literal name of a sound file */
-				sndoffset=0;
-				for (sndoffset=0 ; (format[++offset] != '\'') && (sndoffset < sizeof(sndfile) - 1) ; sndoffset++)
+				for (sndoffset = 0; !strchr("\'\0", format[++offset]) && (sndoffset < sizeof(sndfile) - 1) ; sndoffset++) {
 					sndfile[sndoffset] = format[offset];
+				}
 				sndfile[sndoffset] = '\0';
 				res = wait_file(chan,ints,sndfile,lang);
 				break;
@@ -3706,9 +3706,9 @@
 			/* NOTE:  if you add more options here, please try to be consistent with strftime(3) */
 			case '\'':
 				/* Literal name of a sound file */
-				sndoffset=0;
-				for (sndoffset=0 ; (format[++offset] != '\'') && (sndoffset < sizeof(sndfile) - 1) ; sndoffset++)
+				for (sndoffset = 0; !strchr("\'\0", format[++offset]) && (sndoffset < sizeof(sndfile) - 1) ; sndoffset++) {
 					sndfile[sndoffset] = format[offset];
+				}
 				sndfile[sndoffset] = '\0';
 				res = wait_file(chan,ints,sndfile,lang);
 				break;
@@ -3938,9 +3938,9 @@
 			/* NOTE:  if you add more options here, please try to be consistent with strftime(3) */
 			case '\'':
 				/* Literal name of a sound file */
-				sndoffset=0;
-				for (sndoffset=0 ; (format[++offset] != '\'') && (sndoffset < sizeof(sndfile) - 1) ; sndoffset++)
+				for (sndoffset = 0; !strchr("\'\0", format[++offset]) && (sndoffset < sizeof(sndfile) - 1) ; sndoffset++) {
 					sndfile[sndoffset] = format[offset];
+				}
 				sndfile[sndoffset] = '\0';
 				res = wait_file(chan,ints,sndfile,lang);
 				break;
@@ -4093,9 +4093,9 @@
 			/* NOTE:  if you add more options here, please try to be consistent with strftime(3) */
 			case '\'':
 				/* Literal name of a sound file */
-				sndoffset=0;
-				for (sndoffset=0 ; (format[++offset] != '\'') && (sndoffset < sizeof(sndfile) - 1) ; sndoffset++)
+				for (sndoffset = 0; !strchr("\'\0", format[++offset]) && (sndoffset < sizeof(sndfile) - 1) ; sndoffset++) {
 					sndfile[sndoffset] = format[offset];
+				}
 				sndfile[sndoffset] = '\0';
 				snprintf(nextmsg,sizeof(nextmsg), "%s", sndfile);
 				res = wait_file(chan,ints,nextmsg,lang);
@@ -4285,9 +4285,9 @@
 			/* NOTE:  if you add more options here, please try to be consistent with strftime(3) */
 			case '\'':
 				/* Literal name of a sound file */
-				sndoffset=0;
-				for (sndoffset=0 ; (format[++offset] != '\'') && (sndoffset < sizeof(sndfile) - 1) ; sndoffset++)
+				for (sndoffset = 0; !strchr("\'\0", format[++offset]) && (sndoffset < sizeof(sndfile) - 1) ; sndoffset++) {
 					sndfile[sndoffset] = format[offset];
+				}
 				sndfile[sndoffset] = '\0';
 				res = wait_file(chan,ints,sndfile,lang);
 				break;
@@ -4483,9 +4483,9 @@
 			/* NOTE:  if you add more options here, please try to be consistent with strftime(3) */
 			case '\'':
 				/* Literal name of a sound file */
-				sndoffset=0;
-				for (sndoffset=0 ; (format[++offset] != '\'') && (sndoffset < sizeof(sndfile) - 1) ; sndoffset++)
-				sndfile[sndoffset] = format[offset];
+				for (sndoffset = 0; !strchr("\'\0", format[++offset]) && (sndoffset < sizeof(sndfile) - 1) ; sndoffset++) {
+					sndfile[sndoffset] = format[offset];
+				}
 				sndfile[sndoffset] = '\0';
 				res = wait_file(chan,ints,sndfile,lang);
 				break;
@@ -4716,9 +4716,9 @@
 			/* NOTE:  if you add more options here, please try to be consistent with strftime(3) */
 			case '\'':
 				/* Literal name of a sound file */
-				sndoffset=0;
-				for (sndoffset=0 ; (format[++offset] != '\'') && (sndoffset < sizeof(sndfile) - 1) ; sndoffset++)
+				for (sndoffset = 0; !strchr("\'\0", format[++offset]) && (sndoffset < sizeof(sndfile) - 1) ; sndoffset++) {
 					sndfile[sndoffset] = format[offset];
+				}
 				sndfile[sndoffset] = '\0';
 				res = wait_file(chan,ints,sndfile,lang);
 				break;
@@ -4922,9 +4922,9 @@
 			/* NOTE:  if you add more options here, please try to be consistent with strftime(3) */
 			case '\'':
 				/* Literal name of a sound file */
-				sndoffset = 0;
-				for (sndoffset = 0 ; (format[++offset] != '\'') && (sndoffset < sizeof(sndfile) - 1) ; sndoffset++)
+				for (sndoffset = 0; !strchr("\'\0", format[++offset]) && (sndoffset < sizeof(sndfile) - 1) ; sndoffset++) {
 					sndfile[sndoffset] = format[offset];
+				}
 				sndfile[sndoffset] = '\0';
 				res = wait_file(chan, ints, sndfile, lang);
 				break;
@@ -5140,9 +5140,9 @@
 			/* NOTE:  if you add more options here, please try to be consistent with strftime(3) */
 			case '\'':
 				/* Literal name of a sound file */
-				sndoffset=0;
-				for (sndoffset=0 ; (format[++offset] != '\'') && (sndoffset < sizeof(sndfile) - 1) ; sndoffset++)
+				for (sndoffset = 0; !strchr("\'\0", format[++offset]) && (sndoffset < sizeof(sndfile) - 1) ; sndoffset++) {
 					sndfile[sndoffset] = format[offset];
+				}
 				sndfile[sndoffset] = '\0';
 				snprintf(nextmsg,sizeof(nextmsg), "%s", sndfile);
 				res = wait_file(chan,ints,nextmsg,lang);
@@ -5430,9 +5430,9 @@
 			/* NOTE:  if you add more options here, please try to be consistent with strftime(3) */
 			case '\'':
 				/* Literal name of a sound file */
-				sndoffset=0;
-				for (sndoffset=0 ; (format[++offset] != '\'') && (sndoffset < sizeof(sndfile) - 1) ; sndoffset++)
+				for (sndoffset = 0; !strchr("\'\0", format[++offset]) && (sndoffset < sizeof(sndfile) - 1) ; sndoffset++) {
 					sndfile[sndoffset] = format[offset];
+				}
 				sndfile[sndoffset] = '\0';
 				res = wait_file(chan,ints,sndfile,lang);
 				break;
@@ -6807,9 +6807,9 @@
 			/* NOTE:  if you add more options here, please try to be consistent with strftime(3) */
 		case '\'':
 			/* Literal name of a sound file */
-			sndoffset=0;
-			for (sndoffset=0 ; (format[++offset] != '\'') && (sndoffset < sizeof(sndfile) - 1) ; sndoffset++)
+			for (sndoffset = 0; !strchr("\'\0", format[++offset]) && (sndoffset < sizeof(sndfile) - 1) ; sndoffset++) {
 				sndfile[sndoffset] = format[offset];
+			}
 			sndfile[sndoffset] = '\0';
 			res = wait_file(chan,ints,sndfile,lang);
 			break;

More information about the asterisk-commits mailing list