The array is defined as having NUM_LOCALEDIR entries, so use that instead of hardcoded 256 value (the other two calls already did this).
Reported by parfait: Buffer overflow (CWE 120): In pointer dereference of argv[argc] with index argc Pointer size is 64 elements (of 8 bytes each), index is 255 at line 82 of src/xlibi18n/lcFile.c in function 'parse_line'. called at line 178 in function '_XlcParsePath' with argv = argv. called at line 722 in function '_XlcLocaleLibDirName' with argv = args, argsize = 256. at line 82 of src/xlibi18n/lcFile.c in function 'parse_line'. called at line 178 in function '_XlcParsePath' with argv = argv. called at line 638 in function '_XlcLocaleDirName' with argv = args, argsize = 256. [ This bug was found by the Parfait 1.2.0 bug checking tool. http://labs.oracle.com/pls/apex/f?p=labs:49:::::P49_PROJECT_ID:13 ] Signed-off-by: Alan Coopersmith <alan.coopersm...@oracle.com> --- src/xlibi18n/lcFile.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/xlibi18n/lcFile.c b/src/xlibi18n/lcFile.c index 6b0e4c9..bf89084 100644 --- a/src/xlibi18n/lcFile.c +++ b/src/xlibi18n/lcFile.c @@ -635,7 +635,7 @@ _XlcLocaleDirName(char *dir_name, size_t dir_len, const char *lc_name) } xlocaledir (dir, PATH_MAX); - n = _XlcParsePath(dir, args, 256); + n = _XlcParsePath(dir, args, NUM_LOCALEDIR); for (i = 0; i < n; ++i) { char *name = NULL; @@ -714,7 +714,7 @@ _XlcLocaleLibDirName(char *dir_name, size_t dir_len, const char *lc_name) } xlocalelibdir (dir, PATH_MAX); - n = _XlcParsePath(dir, args, 256); + n = _XlcParsePath(dir, args, NUM_LOCALEDIR); for (i = 0; i < n; ++i) { char *name = NULL; -- 1.7.9.2 _______________________________________________ xorg-devel@lists.x.org: X.Org development Archives: http://lists.x.org/archives/xorg-devel Info: http://lists.x.org/mailman/listinfo/xorg-devel