[svn-r9466] Purpose:

    Bug fix

Description:
    Clean up potential buffer overflow in strncpy()

Platforms tested:
    FreeBSD 4.10 (sleipnir)
    Too minor to require h5committest

3 files changed, 10 insertions, 15 deletions

diff --git a/src/H5Pdxpl.c b/src/H5Pdxpl.c
index 5941a19..49fece6 100644
--- a/src/H5Pdxpl.c
+++ b/src/H5Pdxpl.c
@@ -80,6 +80,7 @@ done:
     FUNC_LEAVE_API(ret_value);
 }
 
+
 /*-------------------------------------------------------------------------
  * Function:	H5Pget_data_transform
  *
@@ -136,11 +137,9 @@ ssize_t H5Pget_data_transform(hid_t plist_id, char* expression /*out*/, size_t s
     len = HDstrlen(pexp);
     if(expression)
     {
-	/* sanity check */
-	if(size > len)
-	    size = len;
-	
-	HDstrncpy(expression, pexp, size);
+	HDstrncpy(expression, pexp, MIN(len+1,size));
+        if(len >= size)
+            expression[size-1]='\0';
     }
     
     ret_value = (ssize_t)len;
@@ -155,9 +154,6 @@ done:
     FUNC_LEAVE_API(ret_value);
 }
 
-
-
-
 
 /*-------------------------------------------------------------------------
  * Function:	H5Pset_buffer
diff --git a/src/H5Ztrans.c b/src/H5Ztrans.c
index 437d79e..d14af45 100644
--- a/src/H5Ztrans.c
+++ b/src/H5Ztrans.c
@@ -1594,7 +1594,6 @@ H5Z_xform_extract_xform_str(const H5Z_data_xform_t *data_xform_prop)
     /* There should be no way that these can be NULL since the function
      * that calls this one checks to make sure they aren't before
      * pasing them */
-    assert(exp);
     assert(data_xform_prop);
   
     ret_value = data_xform_prop->xform_exp;
diff --git a/test/dtransform.c b/test/dtransform.c
index da8b95c..622545d 100644
--- a/test/dtransform.c
+++ b/test/dtransform.c
@@ -654,13 +654,13 @@ int test_getset(const hid_t dxpl_id_c_to_f)
 
     const char* simple = "(4/2) * ( (2 + 4)/(5 - 2.5))"; /* this equals 4.8 */ 
     const char* c_to_f = "(9/5.0)*x + 32";
-    char* ptrgetTest = malloc(strlen(c_to_f)+1);
+    char* ptrgetTest = HDmalloc(HDstrlen(c_to_f)+1);
     
-    memset(ptrgetTest, 0, strlen(c_to_f)+1);
+    HDmemset(ptrgetTest, 0, HDstrlen(c_to_f)+1);
     
     TESTING("H5Pget_data_transform")
-    H5Pget_data_transform(dxpl_id_c_to_f, ptrgetTest, strlen(c_to_f));
-    if(strcmp(c_to_f, ptrgetTest) != 0)
+    H5Pget_data_transform(dxpl_id_c_to_f, ptrgetTest, HDstrlen(c_to_f)+1);
+    if(HDstrcmp(c_to_f, ptrgetTest) != 0)
     {
 	H5_FAILED();
 	fprintf(stderr, "    ERROR: Data transform failed to match what was set\n");
@@ -690,12 +690,12 @@ int test_getset(const hid_t dxpl_id_c_to_f)
     }
     PASSED();
     
-    memset(ptrgetTest, 0, strlen(c_to_f)+1);
+    HDmemset(ptrgetTest, 0, strlen(c_to_f)+1);
     free(ptrgetTest);
 
     ptrgetTest = malloc(strlen(simple)+1);
     
-    memset(ptrgetTest, 0, strlen(simple)+1);
+    HDmemset(ptrgetTest, 0, strlen(simple)+1);
     TESTING("H5Pget_data_transform, after resetting transform property")
     H5Pget_data_transform(dxpl_id_c_to_f, ptrgetTest, strlen(simple)+1);
     if(strcmp(simple, ptrgetTest) != 0)