walkero
/
fontconfig
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Leave room for null terminators in arrays 

Code currently returns a fatal error if it tries to add more entries
than the array has room for, but it wasn't checking to make sure
the final null terminator entry would fit.

Reported by parfait 1.3:
Error: Buffer overrun
   Buffer overflow (CWE 120): In array dereference of files[i] with index i
      Array size is 256 elements (of 4 bytes each), index >= 0 and index <= 256
        at line 250 of fc-glyphname/fc-glyphname.c in function 'main'.
Error: Buffer overrun
   Buffer overflow (CWE 120): In array dereference of entries[i] with index i
      Array size is 1024 elements (of 8 bytes each), index >= 0 and index <= 1024
        at line 298 of fc-lang/fc-lang.c in function 'main'.

Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
This commit is contained in:
Alan Coopersmith 2013-11-02 10:23:55 -07:00 committed by Akira TAGOH
parent 767108aa13
commit cb72901d0b
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
fc-glyphname/fc-glyphname.c
View File

@ -233,7 +233,7 @@ dump (FcGlyphName * const *table, const char *name)
int
main (int argc FC_UNUSED, char **argv)
{
char *files[MAX_GLYPHFILE];
char *files[MAX_GLYPHFILE + 1];
char line[1024];
FILE *f;
int i;

2
fc-lang/fc-lang.c
View File

@ -254,7 +254,7 @@ static int compare (const void *a, const void *b)
int
main (int argc FC_UNUSED, char **argv)
{
static Entry entries[MAX_LANG];
static Entry entries[MAX_LANG + 1];
static FcCharSet *sets[MAX_LANG];
static int duplicate[MAX_LANG];
static int country[MAX_LANG];