bogus strncpy in string_read_callback

Question

bogus strncpy in string_read_callback

olafhering opened this issue 4 years ago · 6 comments

According to the curl documentation, and the actual curl.h, CURLOPT_READFUNCTION is supposed to fill an array of bytes. Therefore the usage of strncpy is wrong.

I guess the function has to look like this:

size_t string_read_callback( char * buffer, size_t size, size_t nitems, wxCharBuffer * instring )
{
    size_t Retval;
    size_t BufLen = size * nitems;
    size_t InLen = strlen( * instring );

    Retval = InLen > BufLen ? BufLen : InLen;
    memcpy(  buffer, ( const char * )( * instring ), Retval );

    wxString remaining = wxString( * instring, wxConvLibc ).Right( InLen - Retval );
    * instring = remaining.ToAscii();

    return Retval;
}

Answer 1 · 2020-12-29T18:49:34.000Z

If its wrong the use of strncpy then its wrong the use of strlen to set the length of the input string.

Answer 2 · 2020-12-29T18:53:06.000Z

The strlen is likely ok, if the input is really a C string. The terminating NUL byte will not be part of the data stream either way.

I'm not familiar with wxWidgets, it seems wxCharBuffer has a len function, perhaps that is what should be used.

Answer 3 · 2020-12-29T19:14:30.000Z

Ok thank you for pointing it to me... I will change it asap.

Answer 4 · 2020-12-29T20:20:50.000Z

Thanks for 3632ef8.
buffer is of type char * I think, not void *.

Answer 5 · 2020-12-30T09:55:21.000Z

buffer is of type char * I think, not void *.

The example at https://curl.se/libcurl/c/CURLOPT_READFUNCTION.html its used as void * , but yes looks like its char *

Answer 6 · 2020-12-30T14:59:04.000Z

One more thought: Instead of wxCharBuffer, some type with a built-in iteration counter should be used. This counter would track how many bytes each invocation of string_read_callback has consumed.