author | Alan Coopersmith <alan.coopersmith@oracle.com> | 2011-02-24 23:15:25 -0800 |
---|---|---|
committer | Alan Coopersmith <alan.coopersmith@oracle.com> | 2011-03-01 19:17:51 -0800 |
commit | 9d424d79ca56e7e372a286fca478996eeee8ebfe (patch) | |
tree | 5019e14df6f92d79dfe202796ad7756eab78aec5 | |
parent | 45b33b463c8acc2c0ff37e209387d6b664576cc4 (diff) |
Leave room for null terminator in file & font name arrays
fscanf %s arguments don't include the trailing \0 byte in their counts.
Error: Buffer overrun
Buffer overflow (CWE 120): Use of fscanf(%1024[), with buffer 'font'
Array size is 1024 bytes
at line 707 of mkfontscale.c in function 'readFontScale'.
Buffer overflow (CWE 120): Use of fscanf(%1024s), with buffer 'file'
Array size is 1024 bytes
at line 707 of mkfontscale.c in function 'readFontScale'.
[ This bug was found by the Parfait 0.3.6 bug checking tool.
For more information see http://labs.oracle.com/projects/parfait/ ]
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Julien Cristau <jcristau@debian.org>
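The width rule the commit message relies on, as an added example (not code from mkfontscale or its author): a scanf-family field width counts only the characters stored, so the terminating NUL lands one byte past it. `FIELD_MAX`, the helper names and the sample line are constructed for illustration, and `sscanf` stands in for `fscanf` because both follow the same conversion rules.

```c
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 8                 /* constructed stand-in for the 1024-byte limits */
#define STR_(x) #x
#define STR(x) STR_(x)              /* FIELD_MAX -> "8" for use inside the format */

/* Scan one token with width FIELD_MAX and report where the NUL was written. */
size_t nul_index_after_scan(const char *input)
{
    char buf[FIELD_MAX + 1];        /* width characters plus the terminator */
    const char *nul;

    memset(buf, 'X', sizeof buf);   /* ensure any NUL found came from sscanf */
    if (sscanf(input, "%" STR(FIELD_MAX) "s", buf) != 1)
        return (size_t)-1;
    nul = memchr(buf, '\0', sizeof buf);
    return nul ? (size_t)(nul - buf) : (size_t)-1;
}

/* Parse "<file> <font name>\n"; both widths are derived from FIELD_MAX. */
int parse_entry(const char *line, char file[FIELD_MAX + 1], char font[FIELD_MAX + 1])
{
    return sscanf(line, "%" STR(FIELD_MAX) "s %" STR(FIELD_MAX) "[^\n]", file, font);
}

int main(void)
{
    char file[FIELD_MAX + 1], font[FIELD_MAX + 1];

    /* Over-long token: 8 characters stored, NUL at index 8 (the 9th byte). */
    printf("NUL index: %zu\n", nul_index_after_scan("abcdefghij"));

    /* Constructed sample line in "<file> <font name>" form. */
    if (parse_entry("font.ttf -foundry-family\n", file, font) == 2)
        printf("file='%s' font='%s'\n", file, font);
    return 0;
}
```

With a buffer of exactly `FIELD_MAX` bytes, the NUL at index `FIELD_MAX` would be written past the end of the array, which is the overrun the commit message reports.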
-rw-r--r-- | mkfontscale.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/mkfontscale.c b/mkfontscale.c index ef3f490..ba2f841 100644 --- a/mkfontscale.c +++ b/mkfontscale.c @@ -679,7 +679,7 @@ readFontScale(HashTablePtr entries, char *dirname) char *filename; FILE *in; int rc, count, i; - char file[MAXFONTFILENAMELEN], font[MAXFONTNAMELEN]; + char file[MAXFONTFILENAMELEN+1], font[MAXFONTNAMELEN+1]; if(dirname[n - 1] == '/') filename = dsprintf("%sfonts.scale", dirname); |
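Review bot: The `+1` on `file[MAXFONTFILENAMELEN+1]` and `font[MAXFONTNAMELEN+1]` is only correct while the fscanf field widths at line 707 stay equal to those macros, and that call is outside this hunk, so nothing visible here ties the two together. The commit message shows the widths written as the literal 1024 (`%1024s`, `%1024[`); if either macro is later lowered, or the literal raised, the overrun returns without any compiler warning. Consider building the format string from the macros via preprocessor stringification, or at least adding a comment at this declaration stating that each array must be one byte larger than the corresponding width in the fscanf format.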