[PATCH:libX11 18/22] xlibi18n: fix argsize argument to _XlcParsePath
Alan Coopersmith
alan.coopersmith at oracle.com
Mon Aug 12 00:04:09 PDT 2013
The array is defined as having NUM_LOCALEDIR entries, so use that
instead of hardcoded 256 value (the other two calls already did this).
Reported by parfait:
Buffer overflow (CWE 120): In pointer dereference of argv[argc] with index argc
Pointer size is 64 elements (of 8 bytes each), index is 255
at line 82 of src/xlibi18n/lcFile.c in function 'parse_line'.
called at line 178 in function '_XlcParsePath' with argv = argv.
called at line 722 in function '_XlcLocaleLibDirName' with argv = args, argsize = 256.
at line 82 of src/xlibi18n/lcFile.c in function 'parse_line'.
called at line 178 in function '_XlcParsePath' with argv = argv.
called at line 638 in function '_XlcLocaleDirName' with argv = args, argsize = 256.
[ This bug was found by the Parfait 1.2.0 bug checking tool.
http://labs.oracle.com/pls/apex/f?p=labs:49:::::P49_PROJECT_ID:13 ]
Signed-off-by: Alan Coopersmith <alan.coopersmith at oracle.com>
---
src/xlibi18n/lcFile.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/xlibi18n/lcFile.c b/src/xlibi18n/lcFile.c
index 6b0e4c9..bf89084 100644
--- a/src/xlibi18n/lcFile.c
+++ b/src/xlibi18n/lcFile.c
@@ -635,7 +635,7 @@ _XlcLocaleDirName(char *dir_name, size_t dir_len, const char *lc_name)
}
xlocaledir (dir, PATH_MAX);
- n = _XlcParsePath(dir, args, 256);
+ n = _XlcParsePath(dir, args, NUM_LOCALEDIR);
for (i = 0; i < n; ++i) {
char *name = NULL;
@@ -714,7 +714,7 @@ _XlcLocaleLibDirName(char *dir_name, size_t dir_len, const char *lc_name)
}
xlocalelibdir (dir, PATH_MAX);
- n = _XlcParsePath(dir, args, 256);
+ n = _XlcParsePath(dir, args, NUM_LOCALEDIR);
for (i = 0; i < n; ++i) {
char *name = NULL;
--
1.7.9.2
More information about the xorg-devel
mailing list