From b43bf8f30432d509ea91600d686f827c7ed75ea5 Mon Sep 17 00:00:00 2001 From: hellkite500 Date: Mon, 24 Apr 2023 14:31:57 -0600 Subject: [PATCH 1/2] fix (for the 9th time) potential overflow that can lead to infinite loop in file reading --- extern/test_bmi_c/src/bmi_test_bmi_c.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/extern/test_bmi_c/src/bmi_test_bmi_c.c b/extern/test_bmi_c/src/bmi_test_bmi_c.c index 71e11c62eb..4adb8c3b45 100644 --- a/extern/test_bmi_c/src/bmi_test_bmi_c.c +++ b/extern/test_bmi_c/src/bmi_test_bmi_c.c @@ -729,7 +729,11 @@ int read_file_line_counts(const char* file_name, int* line_count, int* max_line_ return -1; } int seen_non_whitespace = 0; - char c; + int c; //EOF is a negative constant...and char may be either signed OR unsigned + //depending on the compiler, system, achitectured, ect. So there are cases + //where this loop could go infinite comparing EOF to unsigned char + //the return of fgetc is int, and should be stored as such! + //https://stackoverflow.com/questions/35356322/difference-between-int-and-char-in-getchar-fgetc-and-putchar-fputc for (c = fgetc(fp); c != EOF; c = fgetc(fp)) { // keep track if this line has seen any char other than space or tab if (c != ' ' && c != '\t' && c != '\n') From 4a2200a704ba5d3cb490b2c055b7b3ed8e947f87 Mon Sep 17 00:00:00 2001 From: hellkite500 Date: Mon, 24 Apr 2023 14:33:15 -0600 Subject: [PATCH 2/2] if only there were some way to avoid patching this 10 times... --- extern/test_bmi_cpp/src/test_bmi_cpp.cpp | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/extern/test_bmi_cpp/src/test_bmi_cpp.cpp b/extern/test_bmi_cpp/src/test_bmi_cpp.cpp index de19b9e863..c6d898de04 100644 --- a/extern/test_bmi_cpp/src/test_bmi_cpp.cpp +++ b/extern/test_bmi_cpp/src/test_bmi_cpp.cpp @@ -426,7 +426,11 @@ void TestBmiCpp::read_file_line_counts(std::string file_name, int* line_count, i throw std::runtime_error("Configuration file does not exist." SOURCE_LOC); } int seen_non_whitespace = 0; - char c; + int c; //EOF is a negative constant...and char may be either signed OR unsigned + //depending on the compiler, system, achitectured, ect. So there are cases + //where this loop could go infinite comparing EOF to unsigned char + //the return of fgetc is int, and should be stored as such! + //https://stackoverflow.com/questions/35356322/difference-between-int-and-char-in-getchar-fgetc-and-putchar-fputc for (c = fgetc(fp); c != EOF; c = fgetc(fp)) { // keep track if this line has seen any char other than space or tab if (c != ' ' && c != '\t' && c != '\n')