about summary refs log tree commit diff
path: root/converter/other
diff options
context:
space:
mode:
authorgiraffedata <giraffedata@9d0c8265-081b-0410-96cb-a4ca84ce46f8>2022-10-14 02:11:06 +0000
committergiraffedata <giraffedata@9d0c8265-081b-0410-96cb-a4ca84ce46f8>2022-10-14 02:11:06 +0000
commit5e91e2d3ffb0e9bc2a342dcf6f0ba951b95c601e (patch)
treea8862c85dba24911312e09b0c23032f2bbb6564c /converter/other
parente280163b05263c979c69d671f7ce2351485bab15 (diff)
downloadnetpbm-mirror-5e91e2d3ffb0e9bc2a342dcf6f0ba951b95c601e.tar.gz
netpbm-mirror-5e91e2d3ffb0e9bc2a342dcf6f0ba951b95c601e.tar.xz
netpbm-mirror-5e91e2d3ffb0e9bc2a342dcf6f0ba951b95c601e.zip
Fix invalid memory reference (nonterminated ASCIIZ string)
git-svn-id: http://svn.code.sf.net/p/netpbm/code/trunk@4447 9d0c8265-081b-0410-96cb-a4ca84ce46f8
Diffstat (limited to 'converter/other')
-rw-r--r--converter/other/fitstopnm.c20
1 files changed, 15 insertions, 5 deletions
diff --git a/converter/other/fitstopnm.c b/converter/other/fitstopnm.c
index 82c19a69..804d4ae9 100644
--- a/converter/other/fitstopnm.c
+++ b/converter/other/fitstopnm.c
@@ -355,7 +355,7 @@ readCard(FILE * const ifP,
     size_t bytesRead;
 
     bytesRead = fread(buf, 1, 80, ifP);
-    if (bytesRead == 0)
+    if (bytesRead < 80)
         pm_error("error reading header");
 }
 
@@ -394,8 +394,10 @@ static void
 readFitsHeader(FILE *               const ifP,
                struct FITS_Header * const hP) {
 
-    bool gotSimple, gotNaxis, gotN1, gotN2, gotN3, gotBitpix, gotEnd;
 
+    bool gotEmpty, gotSimple, gotNaxis, gotN1, gotN2, gotN3, gotBitpix, gotEnd;
+
+    gotEmpty  = false;  /* initial value */    
     gotSimple = false;  /* initial value */
     gotNaxis  = false;  /* initial value */
     gotN1     = false;  /* initial value */
@@ -412,14 +414,19 @@ readFitsHeader(FILE *               const ifP,
 
     while (!gotEnd) {
         unsigned int i;
+
         for (i = 0; i < 36; ++i) {
-            char buf[80];
+            char buf[81];
             char c;
             int n;
 
-            readCard(ifP, buf);
+            readCard(ifP, buf); /* Reads into first 80 elements of buf[] */
+
+            buf[80] = '\0'; /* Make ASCIIZ string */
 
-            if (sscanf(buf, "SIMPLE = %c", &c) == 1) {
+            if (sscanf(buf, " %c", &c) < 1) {
+                gotEmpty = true;
+            } else if (sscanf(buf, "SIMPLE = %c", &c) == 1) {
                 if (gotSimple)
                     pm_error("FITS header has two SIMPLE keywords");
                 gotSimple = true;
@@ -454,6 +461,9 @@ readFitsHeader(FILE *               const ifP,
             } else if (sscanf(buf, "BSCALE = %lf", &(hP->bscale)) == 1) {
             } else if (strncmp(buf, "END ", 4 ) == 0) {
                 gotEnd = true;
+                if (gotEmpty == true)
+                    pm_message("Blank card(s) were encountered before "
+			       "END in header");
             }
         }
     }
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-07-03 03:24:49 +0000