fscanf %s arguments don't include the trailing \0 byte in their counts.
Error: Buffer overrun
Buffer overflow (CWE 120): Use of fscanf(%1024[), with buffer 'font'
Array size is 1024 bytes
at line 707 of mkfontscale.c in function 'readFontScale'.
Buffer overflow (CWE 120): Use of fscanf(%1024s), with buffer 'file'
Array size is 1024 bytes
at line 707 of mkfontscale.c in function 'readFontScale'.
[ This bug was found by the Parfait 0.3.6 bug checking tool.
For more information see http://labs.oracle.com/projects/parfait/ ]
Signed-off-by: Alan Coopersmith <[email protected]>
---
mkfontscale.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/mkfontscale.c b/mkfontscale.c
index ef3f490..ba2f841 100644
--- a/mkfontscale.c
+++ b/mkfontscale.c
@@ -679,7 +679,7 @@ readFontScale(HashTablePtr entries, char *dirname)
char *filename;
FILE *in;
int rc, count, i;
- char file[MAXFONTFILENAMELEN], font[MAXFONTNAMELEN];
+ char file[MAXFONTFILENAMELEN+1], font[MAXFONTNAMELEN+1];
if(dirname[n - 1] == '/')
filename = dsprintf("%sfonts.scale", dirname);
--
1.7.3.2
_______________________________________________
[email protected]: X.Org development
Archives: http://lists.x.org/archives/xorg-devel
Info: http://lists.x.org/mailman/listinfo/xorg-devel
