On Sun, Apr 03, 2011 at 08:19:13PM +1000, Alistair Leslie-Hughes wrote: > Changed to use a const int, as a suggestion from Dan. > > Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=31647 > > Signed-off-by: Alistair Leslie-Hughes
pushed, thank you. Cheers, Peter > >From 8c1bdf5efad50477666735ae316203cf4e362fcb Mon Sep 17 00:00:00 2001 > From: Alistair Leslie-Hughes <[email protected]> > Date: Fri, 1 Apr 2011 20:26:30 +1100 > Subject: [PATCH] xkbcomp: Stop possible overflow in yyGetnumber. #31647 > > Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=31647 > > Signed-off-by: Alistair Leslie-Hughes <[email protected]> > --- > xkbscan.c | 9 ++++++--- > 1 files changed, 6 insertions(+), 3 deletions(-) > > diff --git a/xkbscan.c b/xkbscan.c > index 03193e2..814a123 100644 > --- a/xkbscan.c > +++ b/xkbscan.c > @@ -606,14 +606,16 @@ yyGetIdent(int first) > static int > yyGetNumber(int ch) > { > + const int nMaxBuffSize = 1024; > int isFloat = 0; > - char buf[1024]; > + char buf[nMaxBuffSize]; > int nInBuf = 0; > > buf[0] = ch; > nInBuf = 1; > while (((ch = scanchar()) != EOF) > - && (isxdigit(ch) || ((nInBuf == 1) && (ch == 'x')))) > + && (isxdigit(ch) || ((nInBuf == 1) && (ch == 'x'))) > + && nInBuf < nMaxBuffSize) > { > buf[nInBuf++] = ch; > } > @@ -621,7 +623,8 @@ yyGetNumber(int ch) > { > isFloat = 1; > buf[nInBuf++] = ch; > - while (((ch = scanchar()) != EOF) && (isxdigit(ch))) > + while (((ch = scanchar()) != EOF) && (isxdigit(ch)) > + && nInBuf < nMaxBuffSize) > { > buf[nInBuf++] = ch; > } > -- > 1.7.1 > > _______________________________________________ > [email protected]: X.Org development > Archives: http://lists.x.org/archives/xorg-devel > Info: http://lists.x.org/mailman/listinfo/xorg-devel _______________________________________________ [email protected]: X.Org development Archives: http://lists.x.org/archives/xorg-devel Info: http://lists.x.org/mailman/listinfo/xorg-devel
