Post by Bill CunninghamPost by PaulPost by Richard Heathfield<snip>
Post by PaulTo see a working implementation, see
for certain values of "working" :-)
Post by Paulhttp://www.ridgecrop.demon.co.uk/download/fat32formatsrc.zip
[fat32format.c line 488]
strcpy( pFAT32BootSect->sOEMName, "MSWIN4.1" );
pFAT32BootSect->wBytsPerSec = (WORD) BytesPerSect;
It sits in the middle of ...
typedef struct tagFAT_BOOTSECTOR32
{
BYTE sJmpBoot[3];
BYTE sOEMName[8]; <---
There's your problem right there. You're copying 9 bytes into an 8-byte
array. This is one of those times when you need memcpy.
Post by PaulWORD wBytsPerSec; <---
...
} FAT_BOOTSECTOR32;
I would have done this a different way, but then,
I'm not a C programmer.
I would have done this a different way, too, but then, I *am* a C
programmer.
Well, I wasn't sure it would copy nine bytes or not.
I figured the placement of the
pFAT32BootSect->wBytsPerSec = (WORD) BytesPerSect;
was "strategic" :-) Initializing right after the damage
is done, or something.
[snip] extra
Well does it copy 9 bytes by the look of it. I can't expect you to code it
but does it look like it might fail?
Bill
The problem involves a large array of bytes (a "sector").
Items stored in there, are just byte values.
But for fun, the specification defines an 8 byte array of char,
with a magic group of characters. On either side of the grouping,
are other important pieces of data.
Due to the proximity of other material in the array, the options
are:
1) Copy the eight items M,S,W,I,N,4,., and 1,
one at a time. The item as described in the specification
is not a string, but just eight adjacent bytes.
2) To strcpy "MSWIN4.1" operation would copy nine bytes into
an eight byte hole. That's an overflowing of the storage space
and wrong. Since the author at Ridgecrop immediately overwrites
the next two bytes in the next line of code, maybe he didn't
care about the bad programming practice, and did those purely
so you could see the string "MSWIN4.1" in print. It is also possible
the Ridgecrop author copied this from somewhere else.
3) Another way to do it is with strncpy, where you can specify a
length of 8, chopping off the null on the end of the constant,
and not damaging the adjacent location.
That's my interpretation of what is going on. I would prefer (1)
above, as by doing so, I would be pointing out to the reader of
my code, that there is no room to store a trailing null of a traditional
C "string" constant, in the hole provided.
Solution (3) preserves the Ridgecrop author's attempt to make it
look like a string, but without damaging anything when the
strncpy runs.
http://linux.die.net/man/3/strncpy
"Warning: If there is no null byte among the first n bytes of src,
the string placed in dest will not be null-terminated."
And that is *exactly* what we want in this case, given that this
constant ("MSWIN4.1") is nine bytes long, and in actual fact we
only want the first n=8 to be copied. The n=8 would be the last
parameter in the strncpy call.
I couldn't believe my eyes, and wanted someone else to point
out the very bad practice.
Paul