From cb72901d0b7dff73ea2596491c5db602e4750853 Mon Sep 17 00:00:00 2001 From: Alan Coopersmith Date: Sat, 2 Nov 2013 10:23:55 -0700 Subject: [PATCH] Leave room for null terminators in arrays Code currently returns a fatal error if it tries to add more entries than the array has room for, but it wasn't checking to make sure the final null terminator entry would fit. Reported by parfait 1.3: Error: Buffer overrun Buffer overflow (CWE 120): In array dereference of files[i] with index i Array size is 256 elements (of 4 bytes each), index >= 0 and index <= 256 at line 250 of fc-glyphname/fc-glyphname.c in function 'main'. Error: Buffer overrun Buffer overflow (CWE 120): In array dereference of entries[i] with index i Array size is 1024 elements (of 8 bytes each), index >= 0 and index <= 1024 at line 298 of fc-lang/fc-lang.c in function 'main'. Signed-off-by: Alan Coopersmith --- fc-glyphname/fc-glyphname.c | 2 +- fc-lang/fc-lang.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/fc-glyphname/fc-glyphname.c b/fc-glyphname/fc-glyphname.c index 8402781..078490a 100644 --- a/fc-glyphname/fc-glyphname.c +++ b/fc-glyphname/fc-glyphname.c @@ -233,7 +233,7 @@ dump (FcGlyphName * const *table, const char *name) int main (int argc FC_UNUSED, char **argv) { - char *files[MAX_GLYPHFILE]; + char *files[MAX_GLYPHFILE + 1]; char line[1024]; FILE *f; int i; diff --git a/fc-lang/fc-lang.c b/fc-lang/fc-lang.c index 0f4217f..38fc697 100644 --- a/fc-lang/fc-lang.c +++ b/fc-lang/fc-lang.c @@ -254,7 +254,7 @@ static int compare (const void *a, const void *b) int main (int argc FC_UNUSED, char **argv) { - static Entry entries[MAX_LANG]; + static Entry entries[MAX_LANG + 1]; static FcCharSet *sets[MAX_LANG]; static int duplicate[MAX_LANG]; static int country[MAX_LANG];