Re: [PATCH:mkfontscale 1/2] Leave room for null terminator in file font name arrays
On Thu, Feb 24, 2011 at 23:38:44 -0800, Alan Coopersmith wrote: fscanf %s arguments don't include the trailing \0 byte in their counts. Error: Buffer overrun Buffer overflow (CWE 120): Use of fscanf(%1024[), with buffer 'font' Array size is 1024 bytes at line 707 of mkfontscale.c in function 'readFontScale'. Buffer overflow (CWE 120): Use of fscanf(%1024s), with buffer 'file' Array size is 1024 bytes at line 707 of mkfontscale.c in function 'readFontScale'. [ This bug was found by the Parfait 0.3.6 bug checking tool. For more information see http://labs.oracle.com/projects/parfait/ ] Signed-off-by: Alan Coopersmith alan.coopersm...@oracle.com --- mkfontscale.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/mkfontscale.c b/mkfontscale.c index ef3f490..ba2f841 100644 --- a/mkfontscale.c +++ b/mkfontscale.c @@ -679,7 +679,7 @@ readFontScale(HashTablePtr entries, char *dirname) char *filename; FILE *in; int rc, count, i; -char file[MAXFONTFILENAMELEN], font[MAXFONTNAMELEN]; +char file[MAXFONTFILENAMELEN+1], font[MAXFONTNAMELEN+1]; if(dirname[n - 1] == '/') filename = dsprintf(%sfonts.scale, dirname); Reviewed-by: Julien Cristau jcris...@debian.org Cheers, Julien ___ xorg-devel@lists.x.org: X.Org development Archives: http://lists.x.org/archives/xorg-devel Info: http://lists.x.org/mailman/listinfo/xorg-devel
[PATCH:mkfontscale 1/2] Leave room for null terminator in file font name arrays
fscanf %s arguments don't include the trailing \0 byte in their counts. Error: Buffer overrun Buffer overflow (CWE 120): Use of fscanf(%1024[), with buffer 'font' Array size is 1024 bytes at line 707 of mkfontscale.c in function 'readFontScale'. Buffer overflow (CWE 120): Use of fscanf(%1024s), with buffer 'file' Array size is 1024 bytes at line 707 of mkfontscale.c in function 'readFontScale'. [ This bug was found by the Parfait 0.3.6 bug checking tool. For more information see http://labs.oracle.com/projects/parfait/ ] Signed-off-by: Alan Coopersmith alan.coopersm...@oracle.com --- mkfontscale.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/mkfontscale.c b/mkfontscale.c index ef3f490..ba2f841 100644 --- a/mkfontscale.c +++ b/mkfontscale.c @@ -679,7 +679,7 @@ readFontScale(HashTablePtr entries, char *dirname) char *filename; FILE *in; int rc, count, i; -char file[MAXFONTFILENAMELEN], font[MAXFONTNAMELEN]; +char file[MAXFONTFILENAMELEN+1], font[MAXFONTNAMELEN+1]; if(dirname[n - 1] == '/') filename = dsprintf(%sfonts.scale, dirname); -- 1.7.3.2 ___ xorg-devel@lists.x.org: X.Org development Archives: http://lists.x.org/archives/xorg-devel Info: http://lists.x.org/mailman/listinfo/xorg-devel
