Applied with a few changes. Just commited to the CD SVN. Thanks, Scuri
Em qua., 8 de set. de 2021 às 00:05, sur-behoffski < sur_behoff...@grouse.com.au> escreveu: > G'day, > > Thanks for processing my previous patch. > > Here is another patch that uses snprintf(3) to avoid potential > buffer overflow cases (and GCC 10.3 warnings): > > There's two instances of "%str" as part of a format specifier for > the original "sprintf" code... These probably should be "%s". > > The error recovery code I've used in the change comes from code used > a little further down the function... I'm not sure if I've tackled > this the right way (and I haven't tried to comprehend the comments!) > > A patch is attached. The "%str"/"%s" discontinuity was only noticed > late in the process, but I think I've caught it in the patch. > > cheers, > > s-b etc. > > > -------- > > > -- (Original start of cdCanvasVectorFont (rather long, sigh)) -- > > > char *cdCanvasVectorFont(cdCanvas* canvas, const char *file) > { > cdVectorFont* vector_font; > > assert(canvas); > assert(file); > if (!_cdCheckCanvas(canvas)) return NULL; > > vector_font = canvas->vector_font; > if (!file || file[0] == 0) > { > vf_setdefaultfont(vector_font); > vector_font->file_name[0] = 0; > } > else > { > FILE *font = NULL; > int read_ok; > char *env; > > /* se arquivo foi o mesmo que o arq. corrente, entao retorna */ > if (strcmp (file, vector_font->file_name) == 0) > return vector_font->name; > > /* abre arq. no dir. corrente */ > font = fopen(file, "r"); > > /* se nao conseguiu, abre arq. no dir. do cd, */ > env = getenv("CDDIR"); > if (!font && env && strlen(file)<10240) > { > char filename[10240]; > sprintf(filename, "%str/%str", env, file); > font = fopen(filename, "r"); > } > > if (font) > read_ok = vf_readfontfile(font, vector_font); > else > read_ok = vf_readfontstring(file, vector_font); > > if (!read_ok) > { > if (font) fclose(font); > vf_setdefaultfont(vector_font); > vector_font->file_name[0] = 0; > return NULL; > } > > /* ... remainder of function elided ... */ > > > > -------- > > > > char *cdCanvasVectorFont(cdCanvas* canvas, const char *file) > { > cdVectorFont* vector_font; > > assert(canvas); > assert(file); > if (!_cdCheckCanvas(canvas)) return NULL; > > vector_font = canvas->vector_font; > if (!file || file[0] == 0) > { > vf_setdefaultfont(vector_font); > vector_font->file_name[0] = 0; > } > else > { > FILE *font = NULL; > int read_ok; > char *env; > > /* se arquivo foi o mesmo que o arq. corrente, entao retorna */ > if (strcmp (file, vector_font->file_name) == 0) > return vector_font->name; > > /* abre arq. no dir. corrente */ > font = fopen(file, "r"); > > /* se nao conseguiu, abre arq. no dir. do cd, */ > env = getenv("CDDIR"); > if (!font && env) > { > char filename[10240]; > int result; > > result = snprintf(filename, sizeof(filename), > "%s/%s", > env, file); > if ((result < 0) || (result >= sizeof(filename))) > { > vf_setdefaultfont(vector_font); > vector_font->file_name[0] = 0; > return NULL; > } > font = fopen(filename, "r"); > } > > if (font) > read_ok = vf_readfontfile(font, vector_font); > else > read_ok = vf_readfontstring(file, vector_font); > > if (!read_ok) > { > if (font) fclose(font); > vf_setdefaultfont(vector_font); > vector_font->file_name[0] = 0; > return NULL; > } > > /* ... remainder of function elided ... */ > > -- (End of text.) -- > _______________________________________________ > Iup-users mailing list > Iup-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/iup-users >
_______________________________________________ Iup-users mailing list Iup-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/iup-users