diff --git a/concore_default_maxtime.m b/concore_default_maxtime.m
index 5627d5f..489187d 100644
--- a/concore_default_maxtime.m
+++ b/concore_default_maxtime.m
@@ -3,7 +3,17 @@ function concore_default_maxtime(default)
 try
 maxfile = fopen(strcat(concore.inpath,'1/concore.maxtime'));
 instr = fscanf(maxfile,'%c');
- concore.maxtime = eval(instr);
+ % Safe numeric parsing (replaces unsafe eval)
+ clean_str = strtrim(instr);
+ clean_str = regexprep(clean_str, '[\[\]]', '');
+ % Normalize commas to whitespace so sscanf can parse all tokens
+ clean_str = strrep(clean_str, ',', ' ');
+ parsed_values = sscanf(clean_str, '%f');
+ if numel(parsed_values) == 1
+ concore.maxtime = parsed_values;
+ else
+ concore.maxtime = default;
+ end
 fclose(maxfile);
 catch exc
 concore.maxtime = default;
diff --git a/concore_initval.m b/concore_initval.m
index 73cc146..4b92b31 100644
--- a/concore_initval.m
+++ b/concore_initval.m
@@ -1,6 +1,20 @@
 function [result] = concore_initval(simtime_val)
 global concore;
- result = eval(simtime_val);
+ % Safe numeric parsing (replaces unsafe eval)
+ clean_str = strtrim(simtime_val);
+ clean_str = regexprep(clean_str, '[\[\]]', '');
+ clean_str = strrep(clean_str, ',', ' ');
+ result = sscanf(clean_str, '%f').';
+ % Guard against empty or invalid numeric input
+ if isempty(result)
+ concore.simtime = 0;
+ result = [];
+ return;
+ end
 concore.simtime = result(1);
- result = result(2:length(result));
+ if numel(result) >= 2
+ result = result(2:end);
+ else
+ result = [];
+ end
 end
diff --git a/concore_iport.m b/concore_iport.m
index 128252e..8a2146f 100644
--- a/concore_iport.m
+++ b/concore_iport.m
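Review bot: `sscanf(clean_str, '%f')` in concore_default_maxtime.m stops at the first token it cannot convert, so a file holding a number followed by arbitrary text still passes the `numel(parsed_values) == 1` check, and as far as I know `NaN` or `Inf` would be accepted as a maxtime too. Because concore.maxtime is read from a file under concore.inpath, I would require a clean, finite parse: `[parsed_values, ~, errmsg] = sscanf(clean_str, '%f');` followed by `if numel(parsed_values) == 1 && isempty(errmsg) && isfinite(parsed_values)`. The same partial-parse behaviour applies to the concore_initval.m and concore_read.m hunks, where a corrupted payload would produce a silently shortened vector. Separately, `fclose(maxfile)` is reached only on the success path; the catch branch continues past the end of the hunk, so I cannot tell whether the handle is closed there.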
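Review bot: The empty-parse branch in concore_initval.m sets `concore.simtime = 0` and returns `[]` without any signal, where the removed `eval` would have raised on malformed text, so a bad initial-value string now looks like a valid run starting at time 0. A one-line `warning('concore:initval', 'could not parse initial value: %s', simtime_val);` before the `return` (the identifier is constructed here as an example) would keep the safe fallback while leaving a trace for debugging. The early `return` in the concore_read.m hunk is silent in the same way, and it runs after `concore.s = strcat(concore.s, ins)`, so the unparsed text has already been appended to concore.s by then.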
@@ -7,7 +7,13 @@
 if isequal(s(i:i+length(target)-1),target)
 for j = i+length(target):length(s)
 if isequal(s(j),',')||isequal(s(j),'}')
- result = eval(s(i+length(target):j-1));
+ % Safe numeric parsing (replaces unsafe eval)
+ port_str = strtrim(s(i+length(target):j-1));
+ result = sscanf(port_str, '%f');
+ if isempty(result)
+ % Keep the initialized default value (0) if parsing fails
+ result = 0;
+ end
 return
 end
 end
diff --git a/concore_oport.m b/concore_oport.m
index 9cbe3de..a9ed01b 100644
--- a/concore_oport.m
+++ b/concore_oport.m
@@ -7,7 +7,9 @@
 if isequal(s(i:i+length(target)-1),target)
 for j = i+length(target):length(s)
 if isequal(s(j),',')||isequal(s(j),'}')
- result = eval(s(i+length(target):j-1));
+ % Safe numeric parsing (replaces unsafe eval)
+ port_str = strtrim(s(i+length(target):j-1));
+ result = sscanf(port_str, '%f');
 return
 end
 end
diff --git a/concore_read.m b/concore_read.m
index ba32c7b..b4ed1bc 100644
--- a/concore_read.m
+++ b/concore_read.m
@@ -25,7 +25,21 @@
 ins = inistr;
 end
 concore.s = strcat(concore.s, ins);
- result = eval(ins);
- concore.simtime = max(concore.simtime,result(1));
- result = result(2:length(result));
+ % Safe numeric parsing (replaces unsafe eval)
+ clean_str = strtrim(ins);
+ clean_str = regexprep(clean_str, '[\[\]]', '');
+ % Normalize comma delimiters to whitespace so sscanf parses all values
+ clean_str = strrep(clean_str, ',', ' ');
+ result = sscanf(clean_str, '%f').';
+ % Guard against empty parse result to avoid indexing errors
+ if isempty(result)
+ result = [];
+ return;
+ end
+ concore.simtime = max(concore.simtime, result(1));
+ if numel(result) > 1
+ result = result(2:end);
+ else
+ result = [];
+ end
 end
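Review bot: The concore_oport.m hunk has no fallback for a failed parse: `result = sscanf(port_str, '%f');` yields an empty array when port_str is not numeric, whereas the concore_iport.m hunk resets `result = 0` in that case. Unless callers of concore_oport are known to handle `[]`, I would add the same `if isempty(result), result = 0; end` before its `return` so both lookups fail the same way. Both hunks also accept fractional, negative or multi-value input through `%f`; if a port is meant to be a single non-negative integer, a scalar and `result == floor(result) && result >= 0` check before returning would reject malformed entries. Both functions start and end outside their hunks, so the initial value of result is known here only from the comment in the iport hunk.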
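Review bot: The strtrim / regexprep / strrep / sscanf sequence in concore_read.m is the third copy of the same parsing code in this commit (also in concore_default_maxtime.m and concore_initval.m), and the copies already differ in how they treat an empty result. I would move it into one helper, for example `values = concore_parse_numeric(str)` (the name is only a suggestion), and call it from all three places so that any later tightening of the validation is made once. The helper deserves a short comment stating the accepted grammar, a flat, optionally bracketed, comma- or space-separated list of numbers, because `eval` previously accepted arbitrary MATLAB expressions and nested arrays. concore_read's body begins outside this hunk.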