If maxlen is 0, then I believe you should use the string length as the max length.<br><br>For example, from the ICU string mgr:<br><pre>        int max = (maxlen) ? maxlen : strlen(buf);<br><br></pre>God Bless,<br>Ben<br>-------------------------------------------------------------------------------------------<br>
The Lord is not slow to fulfill his promise as some count slowness,<br>but is patient toward you, not wishing that any should perish,<br>but that all should reach repentance.<br>2 Peter 3:9 (ESV)
<br><br><div class="gmail_quote">On Fri, May 30, 2008 at 1:29 AM, Karl Kleinpaste <<a href="mailto:karl@kleinpaste.org">karl@kleinpaste.org</a>> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
I'm chasing a GS crash bug which turns out to be a problem with the<br>
underlying Sword support, in which it has passed a max length of zero to<br>
GS_StringMgr::upperUTF8().<br>
<br>
The bug is tripped during a search which subsequently calls<br>
SWModule::StripText() and eventually lands in this code:<br>
32 int newlen = strlen(upper_str);<br>
33 if (newlen >= maxlen) newlen = maxlen - 1;<br>
34 memcpy(text, upper_str, newlen); // SEGV HERE.<br>
35 text[newlen] = 0;<br>
<br>
In the backtrace, note that GS_StringMgr::upperUTF8() has been given maxlen=0.<br>
<br>
#0 0x081231f4 in sword::GS_StringMgr::upperUTF8 (this=0x99cc550, text=0xb5b6c1b "LORD", maxlen=0) at gs_stringmgr.cpp:34<br>
#1 0x0817c1b8 in sword::toupperstr (t=0xb5b6c1b "LORD", max=0) at ../include/stringmgr.h:94<br>
#2 0x0818135f in sword::OSISPlain::handleToken (this=0xb7a5638, buf=@0xb9c6964, token=0xbfbe679c "/divineName", userData=0xc1d7560) at ../src/modules/filters/osisplain.cpp:172<br>
#3 0x081d0d85 in sword::SWBasicFilter::processText (this=0xb7a5638, text=@0xb9c6964, key=0xc1cd6b8, module=0xb9c68dc) at ../src/modules/filters/swbasicfilter.cpp:364<br>
#4 0x081be2e2 in sword::SWModule::filterBuffer (this=0xb9c68dc, filters=0x91c66d8, buf=@0xb9c6964, key=0xc1cd6b8) at ../src/modules/swmodule.cpp:1271<br>
#5 0x081af5d9 in sword::SWModule::stripFilter (this=0xb9c68dc, buf=@0xb9c6964, key=0xc1cd6b8) at ../include/swmodule.h:566<br>
#6 0x081c0f66 in sword::SWModule::RenderText (this=0xb9c68dc, buf=0x0, len=-1, render=false) at ../src/modules/swmodule.cpp:796<br>
#7 0x081be256 in sword::SWModule::StripText (this=0xb9c68dc, buf=0x0, len=-1) at ../src/modules/swmodule.cpp:762<br>
#8 0x0813582f in BackEnd::get_strip_text (this=0xb790b20, module_name=0x90f20c8 "NASB", key=0xc137dc0 "Deuteronomy 12:5") at sword_main.cc:496<br>
#9 0x0810f991 in main_do_dialog_search () at search_dialog.cc:1492<br>
<br>
(gdb) p text<br>
$1 = 0xb5b6c1b "LORD"<br>
(gdb) p upper_str<br>
$2 = 0xc1d8f18 "LORD"<br>
(gdb) p newlen<br>
$3 = -1<br>
(gdb) up<br>
#1 0x0817c1b8 in sword::toupperstr (t=0xbc43653 "LORD", max=0) at ../include/stringmgr.h:94<br>
94 return StringMgr::getSystemStringMgr()->upperUTF8(t, max);<br>
(gdb) p max<br>
$4 = 0<br>
<br>
memcpy() takes an unsigned (size_t) length, and GS inadvertently handed<br>
it 0xffffffff because sword::toupperstr() gave us 0. That, in turn, is<br>
because OSISPlain::handleToken() called toupperstr with one arg,<br>
defaulting its 2nd arg "max" to zero.<br>
<br>
_______________________________________________<br>
sword-devel mailing list: <a href="mailto:sword-devel@crosswire.org">sword-devel@crosswire.org</a><br>
<a href="http://www.crosswire.org/mailman/listinfo/sword-devel" target="_blank">http://www.crosswire.org/mailman/listinfo/sword-devel</a><br>
Instructions to unsubscribe/change your settings at above page<br>
</blockquote></div><br><br>
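Added C example, not GnomeSword or SWORD code: it reproduces the length arithmetic from the quoted gs_stringmgr.cpp lines 32-35, showing how maxlen=0 turns into a memcpy() length of (size_t)-1, and beside it a guarded version that treats a zero maxlen as "use the string's own length", as Ben suggests. The unsigned int type for maxlen, the ASCII toupper() stand-in for the UTF-8 case mapping, and the +1 that keeps room for the terminator (the original clamps to maxlen - 1 before writing its NUL) are assumptions made here, not taken from either project.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Added example (not GnomeSword or SWORD code). maxlen is assumed to be
 * unsigned int; toupper() stands in for the real UTF-8 case mapping. */

/* Returns the byte count the quoted arithmetic hands to memcpy().
 * With maxlen == 0, newlen becomes -1 and converts to SIZE_MAX, which is
 * the 0xffffffff Karl observed; the copy itself is deliberately not done. */
size_t buggy_copy_length(const char *upper_str, unsigned int maxlen) {
    int newlen = (int)strlen(upper_str);
    if (newlen >= (int)maxlen) newlen = (int)maxlen - 1;  /* 0 - 1 == -1 */
    return (size_t)newlen;  /* -1 wraps to SIZE_MAX on conversion */
}

/* Guarded in-place uppercase. A maxlen of 0 means "no bound supplied",
 * so the limit becomes strlen(text) + 1: the extra byte is the room the
 * clamp below reserves for the terminator, so a same-length result is
 * not truncated. Every path leaves max >= 1, so max - 1 cannot underflow. */
char *safe_upper_ascii(char *text, unsigned int maxlen) {
    char upper_str[256];  /* stand-in for the converted copy */
    size_t srclen = strlen(text);
    size_t max = maxlen ? (size_t)maxlen : srclen + 1;
    size_t newlen, i;

    if (srclen > sizeof upper_str - 1) srclen = sizeof upper_str - 1;
    for (i = 0; i < srclen; i++)
        upper_str[i] = (char)toupper((unsigned char)text[i]);
    upper_str[srclen] = '\0';

    newlen = strlen(upper_str);
    if (newlen >= max) newlen = max - 1;  /* clamp, leaving room for NUL */
    memcpy(text, upper_str, newlen);
    text[newlen] = '\0';
    return text;
}

int main(void) {
    char buf[16] = "lord";  /* constructed sample input */
    printf("maxlen=0 -> memcpy length %zu (wrapped -1)\n",
           buggy_copy_length("LORD", 0));
    printf("maxlen=8 -> memcpy length %zu\n", buggy_copy_length("LORD", 8));
    printf("guarded, maxlen=0: %s\n", safe_upper_ascii(buf, 0));
    strcpy(buf, "lord");
    printf("guarded, maxlen=3: %s\n", safe_upper_ascii(buf, 3));
    return 0;
}
```

The guard is the only behavioural change: once max can never be 0, the existing clamp and terminator write are safe, and callers that still pass an explicit bound (maxlen=3 above yields "LO") are treated exactly as before.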