[PATCH:xsm] Add size limit to scanf string specifier

Alan Coopersmith alan.coopersmith at oracle.com
Mon Nov 28 18:56:46 PST 2011


While it's tempting to just switch to fgets(), that would require
implementing our own whitespace stripping to match the current
scanf behavior.

Fixes parfait static analysis warning:
Error: Buffer overrun
   Buffer overflow (CWE 120): Use of fscanf(%s), with buffer 'buf'
        at line 135 of app/xsm/lock.c in function 'GetLockId'.

[ This bug was found by the Parfait 0.3.7 bug checking tool.
  For more information see http://labs.oracle.com/projects/parfait/ ]

Signed-off-by: Alan Coopersmith <alan.coopersmith at oracle.com>
---
 lock.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/lock.c b/lock.c
index 9a4553a..d51d09e 100644
--- a/lock.c
+++ b/lock.c
@@ -132,7 +132,7 @@ GetLockId(const char *session_name)
     }
 
     buf[0] = '\0';
-    fscanf (fp, "%s\n", buf);
+    fscanf (fp, "%255s\n", buf);
     ret = XtNewString (buf);
 
     fclose (fp);
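Review bot: the width 255 in the new fscanf format is a bare literal that has to stay equal to the size of buf minus one, and the declaration of buf is not visible in this hunk, so please confirm buf holds at least 256 bytes and consider a comment next to the declaration (or a width derived from sizeof(buf)) so the two cannot drift apart. The return value of fscanf is still ignored; buf[0] = '\0' covers the case where nothing is read, but a lock id longer than 255 characters is now silently truncated before XtNewString copies it, so it is worth stating in the commit message whether such an id can occur and whether truncation is acceptable.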
-- 
1.7.3.2


