author | Alan Coopersmith <alan.coopersmith@oracle.com> | 2013-12-23 18:34:02 -0800 |
---|---|---|
committer | Alan Coopersmith <alan.coopersmith@oracle.com> | 2013-12-30 18:09:45 -0800 |
commit | 4d024ac10f964f6bd372ae0dd14f02772a6e5f63 (patch) | |
tree | a5e54793d5d63922f423308b98372648679ea3b2 | |
parent | fdcf9a9be6a5d453659beadec5d1a1fdbab9afaf (diff) |
CVE-2013-6462: unlimited sscanf overflows stack buffer in bdfReadCharacters()
Fixes cppcheck warning:
[lib/libXfont/src/bitmap/bdfread.c:341]: (warning)
scanf without field width limits can crash with huge input data.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
Reviewed-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
-rw-r--r-- | src/bitmap/bdfread.c | 2 |
1 files changed, 1 insertions, 1 deletions
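diff --git a/src/bitmap/bdfread.c b/src/bitmap/bdfread.c
index e2770dc..e11c5d2 100644
--- a/src/bitmap/bdfread.c
+++ b/src/bitmap/bdfread.c
@@ -338,7 +338,7 @@ bdfReadCharacters(FontFilePtr file, FontPtr pFont, bdfFileState *pState,
     char charName[100];
     int ignore;
 
-    if (sscanf((char *) line, "STARTCHAR %s", charName) != 1) {
+    if (sscanf((char *) line, "STARTCHAR %99s", charName) != 1) {
         bdfError("bad character name in BDF file\n");
         goto BAILOUT;   /* bottom of function, free and return error */
     }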
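Review bot: The new `%99s` width is correct for `char charName[100]`, but it is a second literal that will silently go stale if the buffer is ever resized, so the coupling should be stated where the array is declared, e.g. `char charName[100];   /* the "STARTCHAR %99s" width below must stay sizeof(charName) - 1 */`. Note also that `%99s` truncates rather than rejects: a glyph name longer than 99 characters now produces a successful match with a clipped name instead of the "bad character name" error, which is safe for the stack but may be worth detecting, for instance by scanning with `"STARTCHAR %99s%n"` into an `int consumed` and checking that `line[consumed]` is whitespace or the terminator before accepting the name. bdfReadCharacters begins and ends outside this hunk, so the BAILOUT label and any other `sscanf` calls in the function are not visible here.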