[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
master ebc3b25: Fix buffer overflow in xbm_scan (bug#47094)
From: |
Alan Third |
Subject: |
master ebc3b25: Fix buffer overflow in xbm_scan (bug#47094) |
Date: |
Sat, 13 Mar 2021 17:03:19 -0500 (EST) |
branch: master
commit ebc3b25409dd614c1814a0643960452683e37aa3
Author: Alan Third <alan@idiocy.org>
Commit: Alan Third <alan@idiocy.org>
Fix buffer overflow in xbm_scan (bug#47094)
* src/image.c (xbm_scan): Ensure reading a string doesn't overflow the
buffer.
---
src/image.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/image.c b/src/image.c
index 6d493f6..b85418c 100644
--- a/src/image.c
+++ b/src/image.c
@@ -3392,6 +3392,7 @@ static int
xbm_scan (char **s, char *end, char *sval, int *ival)
{
unsigned char c UNINIT;
+ char *sval_end = sval + BUFSIZ;
loop:
@@ -3451,7 +3452,7 @@ xbm_scan (char **s, char *end, char *sval, int *ival)
else if (c_isalpha (c) || c == '_')
{
*sval++ = c;
- while (*s < end
+ while (*s < end && sval < sval_end
&& (c = *(*s)++, (c_isalnum (c) || c == '_')))
*sval++ = c;
*sval = 0;
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- master ebc3b25: Fix buffer overflow in xbm_scan (bug#47094),
Alan Third <=