Changed to use a const int, as a suggestion from Dan.
Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=31647 Signed-off-by: Alistair Leslie-Hughes
>From 8c1bdf5efad50477666735ae316203cf4e362fcb Mon Sep 17 00:00:00 2001 From: Alistair Leslie-Hughes <[email protected]> Date: Fri, 1 Apr 2011 20:26:30 +1100 Subject: [PATCH] xkbcomp: Stop possible overflow in yyGetnumber. #31647 Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=31647 Signed-off-by: Alistair Leslie-Hughes <[email protected]> --- xkbscan.c | 9 ++++++--- 1 files changed, 6 insertions(+), 3 deletions(-) diff --git a/xkbscan.c b/xkbscan.c index 03193e2..814a123 100644 --- a/xkbscan.c +++ b/xkbscan.c @@ -606,14 +606,16 @@ yyGetIdent(int first) static int yyGetNumber(int ch) { + const int nMaxBuffSize = 1024; int isFloat = 0; - char buf[1024]; + char buf[nMaxBuffSize]; int nInBuf = 0; buf[0] = ch; nInBuf = 1; while (((ch = scanchar()) != EOF) - && (isxdigit(ch) || ((nInBuf == 1) && (ch == 'x')))) + && (isxdigit(ch) || ((nInBuf == 1) && (ch == 'x'))) + && nInBuf < nMaxBuffSize) { buf[nInBuf++] = ch; } @@ -621,7 +623,8 @@ yyGetNumber(int ch) { isFloat = 1; buf[nInBuf++] = ch; - while (((ch = scanchar()) != EOF) && (isxdigit(ch))) + while (((ch = scanchar()) != EOF) && (isxdigit(ch)) + && nInBuf < nMaxBuffSize) { buf[nInBuf++] = ch; } -- 1.7.1
_______________________________________________ [email protected]: X.Org development Archives: http://lists.x.org/archives/xorg-devel Info: http://lists.x.org/mailman/listinfo/xorg-devel
