Aren/haiku
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fixed _user_get_safemode_option(): the bufferSize passed in got overwritten

Browse Source 
with the number of the actual string length, but it was still used for a
subsequent user_strlcpy() to the user buffer - therefore, it cut off one
byte from the result string.


git-svn-id: file:///srv/svn/repos/haiku/haiku/trunk@12202 a95241bf-73f2-0310-859d-f6bbb57e9c96
This commit is contained in:
Axel Dörfler 2005-03-31 19:32:50 +00:00
parent 914c87ccea
commit 207fb0b1ea
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/kernel/core/device_manager/settings.cpp
View File

@ -41,7 +41,7 @@ _user_get_safemode_option(const char *userParameter, char *userBuffer, size_t *_
{
char parameter[B_FILE_NAME_LENGTH];
char buffer[B_PATH_NAME_LENGTH];
size_t bufferSize;
size_t bufferSize, originalBufferSize;
if (!IS_USER_ADDRESS(userParameter) || !IS_USER_ADDRESS(userBuffer)
|| !IS_USER_ADDRESS(_userBufferSize)
@ -52,9 +52,10 @@ _user_get_safemode_option(const char *userParameter, char *userBuffer, size_t *_
if (bufferSize > B_PATH_NAME_LENGTH)
bufferSize = B_PATH_NAME_LENGTH;
originalBufferSize = bufferSize;
status_t status = get_safemode_option(parameter, buffer, &bufferSize);
if (user_strlcpy(userBuffer, buffer, bufferSize) < B_OK
if (user_strlcpy(userBuffer, buffer, originalBufferSize) < B_OK
|| user_memcpy(_userBufferSize, &bufferSize, sizeof(size_t)) < B_OK)
return B_BAD_ADDRESS;