tasn pushed a commit to branch master.

http://git.enlightenment.org/core/efl.git/commit/?id=8203c79678b4777837ce25b5d1f6fd328d4ef246

commit 8203c79678b4777837ce25b5d1f6fd328d4ef246
Author: Tom Hacohen <t...@stosb.com>
Date:   Fri Apr 8 11:34:53 2016 +0100

    Evas langauge: Prevent potential buffer overflow and clean code.
    
    We were copying a user defined string into a fixed size buffer
    without doing any boundary checks. This commit fixes that.
    Also cleaned up similar code that was using hardcoded numbers.
    
    @fix.
---
 src/lib/evas/common/language/evas_language_utils.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/src/lib/evas/common/language/evas_language_utils.c 
b/src/lib/evas/common/language/evas_language_utils.c
index f8b38b6..ce075a1 100644
--- a/src/lib/evas/common/language/evas_language_utils.c
+++ b/src/lib/evas/common/language/evas_language_utils.c
@@ -145,8 +145,9 @@ evas_common_language_from_locale_get(void)
    if (locale && *locale)
      {
         char *itr;
-        strncpy(lang, locale, 5);
-        lang[5] = '\0';
+        const size_t size = sizeof(lang);
+        strncpy(lang, locale, size - 1);
+        lang[size - 1] = '\0';
         itr = lang;
         while (*itr)
           {
@@ -171,6 +172,7 @@ evas_common_language_from_locale_full_get(void)
    locale = setlocale(LC_MESSAGES, NULL);
    if (locale && *locale)
      {
+        const size_t size = sizeof(lang_full);
         size_t i;
         for (i = 0 ; locale[i] ; i++)
           {
@@ -178,6 +180,12 @@ evas_common_language_from_locale_full_get(void)
              if ((c == '.') || (c == '@') || (c == ' ')) /* Looks like 
en_US.UTF8 or de_DE@euro or aa_ER UTF-8*/
                 break;
           }
+
+        if (i >= size)
+          {
+             i = size - 1;
+          }
+
         strncpy(lang_full, locale, i);
         lang_full[i] = '\0';
         return lang_full;

-- 


Reply via email to