[PATCH] xkbcomp: Stop possible overflow in yyGetnumber. #31647 (try 2)
Peter Hutterer
peter.hutterer at who-t.net
Sun Apr 3 15:50:28 PDT 2011
On Sun, Apr 03, 2011 at 08:19:13PM +1000, Alistair Leslie-Hughes wrote:
> Changed to use a const int, as a suggestion from Dan.
>
> Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=31647
>
> Signed-off-by: Alistair Leslie-Hughes
pushed, thank you.
Cheers,
Peter
> >From 8c1bdf5efad50477666735ae316203cf4e362fcb Mon Sep 17 00:00:00 2001
> From: Alistair Leslie-Hughes <leslie_alistair at hotmail.com>
> Date: Fri, 1 Apr 2011 20:26:30 +1100
> Subject: [PATCH] xkbcomp: Stop possible overflow in yyGetnumber. #31647
>
> Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=31647
>
> Signed-off-by: Alistair Leslie-Hughes <leslie_alistair at hotmail.com>
> ---
> xkbscan.c | 9 ++++++---
> 1 files changed, 6 insertions(+), 3 deletions(-)
>
> diff --git a/xkbscan.c b/xkbscan.c
> index 03193e2..814a123 100644
> --- a/xkbscan.c
> +++ b/xkbscan.c
> @@ -606,14 +606,16 @@ yyGetIdent(int first)
> static int
> yyGetNumber(int ch)
> {
> + const int nMaxBuffSize = 1024;
> int isFloat = 0;
> - char buf[1024];
> + char buf[nMaxBuffSize];
> int nInBuf = 0;
>
> buf[0] = ch;
> nInBuf = 1;
> while (((ch = scanchar()) != EOF)
> - && (isxdigit(ch) || ((nInBuf == 1) && (ch == 'x'))))
> + && (isxdigit(ch) || ((nInBuf == 1) && (ch == 'x')))
> + && nInBuf < nMaxBuffSize)
> {
> buf[nInBuf++] = ch;
> }
> @@ -621,7 +623,8 @@ yyGetNumber(int ch)
> {
> isFloat = 1;
> buf[nInBuf++] = ch;
> - while (((ch = scanchar()) != EOF) && (isxdigit(ch)))
> + while (((ch = scanchar()) != EOF) && (isxdigit(ch))
> + && nInBuf < nMaxBuffSize)
> {
> buf[nInBuf++] = ch;
> }
> --
> 1.7.1
>
> _______________________________________________
> xorg-devel at lists.x.org: X.Org development
> Archives: http://lists.x.org/archives/xorg-devel
> Info: http://lists.x.org/mailman/listinfo/xorg-devel
More information about the xorg-devel
mailing list