author | Alan Coopersmith <alan.coopersmith@sun.com> | 2009-05-11 09:39:03 -0700 |
---|---|---|
committer | Alan Coopersmith <alan.coopersmith@sun.com> | 2009-05-11 09:47:26 -0700 |
commit | eeaa4aec798ef045d0b3b9de3c25932b85b9ac3d (patch) | |
tree | 49b42e4d6343db697fef5dd452d4423e22b67937 /expr.c | |
parent | 2fd42dae8840089727f95211abdb86316e566afd (diff) |
Use temporary buffer for generating Uxxx names to avoid overflow

Instead of sprintf()'ing a 4 character string to a char [4] buffer,
and leaving the trailing '\0' to overwrite into the next entry,
snprintf() to a 5 character temp buffer and memcpy the 4 characters
to the right place.

Fixes parfait errors:

Error: Buffer overflow at xkbcomp-1.0.4/misc.c:393
in function 'ComputeKbdDefaults' [Standard C Library pattern matching]
In sprintf related dereference of xkb->names->keys[i].name
with index not less than '4'
Destination array size is 4 bytes, data to be written is 4 bytes

Error: Buffer overflow at xkbcomp-1.0.4/misc.c:402
in function 'ComputeKbdDefaults' [Standard C Library pattern matching]
In sprintf related dereference of xkb->names->keys[i].name
with index not less than '4'
Destination array size is 4 bytes, data to be written is 4 bytes

[This bug was found by the Parfait bug checking tool.
For more information see http://research.sun.com/projects/parfait ]

Signed-off-by: Alan Coopersmith <alan.coopersmith@sun.com>
Diffstat (limited to 'expr.c')
0 files changed, 0 insertions, 0 deletions
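
The off-by-one described in the commit message, and the temporary-buffer fix, as an added C example that is not the xkbcomp code from this commit. The flat `table` buffer, the function names and the `"U%03u"` format are assumptions made for the demonstration; the table carries one spare byte so the "before" pattern stays inside the object and its effect can be inspected.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 4   /* fixed-width key name, no room for a terminator */
#define NUM_KEYS 3

/* Constructed stand-in for the key-name array: NUM_KEYS adjacent 4-byte
 * slots in one flat buffer, plus one spare byte so the "before" pattern
 * stays inside the object and its effect can be observed safely. */
static char table[NUM_KEYS * NAME_LEN + 1];

static void reset_table(void)
{
    memset(table, '#', sizeof(table));
}

/* Before: "Uxxx" is 4 characters, but sprintf() also stores '\0', so
 * 5 bytes are written and the terminator lands in the next slot. */
static void name_key_sprintf(unsigned i)
{
    sprintf(table + i * NAME_LEN, "U%03u", i % 1000u);
}

/* After: format into a 5-byte temporary, then copy exactly 4 bytes. */
static void name_key_tmpbuf(unsigned i)
{
    char tmp[NAME_LEN + 1];

    snprintf(tmp, sizeof(tmp), "U%03u", i % 1000u);
    memcpy(table + i * NAME_LEN, tmp, NAME_LEN);
}

/* 1 if the first byte of the slot after i still holds the fill value. */
static int next_slot_intact(unsigned i)
{
    return table[(i + 1) * NAME_LEN] == '#';
}

int main(void)
{
    reset_table();
    name_key_sprintf(1);
    printf("sprintf: next slot intact = %d\n", next_slot_intact(1));
    reset_table();
    name_key_tmpbuf(1);
    printf("tmpbuf:  next slot intact = %d\n", next_slot_intact(1));
    return 0;
}
```

When slots are filled in ascending order the stray terminator is overwritten by the next name, so the damage shows only on the byte after the last slot written, which is why a static checker caught it rather than a visible misbehaviour.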