Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=31647
Signed-off-by: Alistair Leslie-Hughes <[email protected]>
>From 21f44f47c7dc95bad082fe37966febf1feba6e9f Mon Sep 17 00:00:00 2001 From: Alistair Leslie-Hughes <[email protected]> Date: Fri, 1 Apr 2011 20:26:30 +1100 Subject: [PATCH] xkbcomp: Stop possible overflow in yyGetnumber. #31647 Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=31647 Signed-off-by: Alistair Leslie-Hughes <[email protected]> --- xkbscan.c | 6 ++++-- 1 files changed, 4 insertions(+), 2 deletions(-) diff --git a/xkbscan.c b/xkbscan.c index 03193e2..6959639 100644 --- a/xkbscan.c +++ b/xkbscan.c @@ -613,7 +613,8 @@ yyGetNumber(int ch) buf[0] = ch; nInBuf = 1; while (((ch = scanchar()) != EOF) - && (isxdigit(ch) || ((nInBuf == 1) && (ch == 'x')))) + && (isxdigit(ch) || ((nInBuf == 1) && (ch == 'x'))) + && nInBuf < 1024) { buf[nInBuf++] = ch; } @@ -621,7 +622,8 @@ yyGetNumber(int ch) { isFloat = 1; buf[nInBuf++] = ch; - while (((ch = scanchar()) != EOF) && (isxdigit(ch))) + while (((ch = scanchar()) != EOF) && (isxdigit(ch)) + && nInBuf < 1024) { buf[nInBuf++] = ch; } -- 1.7.1
_______________________________________________ [email protected]: X.Org development Archives: http://lists.x.org/archives/xorg-devel Info: http://lists.x.org/mailman/listinfo/xorg-devel
