Re: [E-devel] [EGIT] [efl] 01/01: Windows: fix buffer overflow in test_flip2()

Carsten Haitzler Fri, 02 May 2025 07:00:03 -0700

On Fri, 2 May 2025 15:35:17 +0200 Vincent Torri <vincent.to...@gmail.com> said:


> look at the 2ndusage of buf:
> 
> 
>    snprintf(buf, sizeof(buf),
>             "This is an entry widget in this window that<br/>"
>             "uses markup <b>like this</> for styling and<br/>"
>             "formatting <em>like this</>, as well as<br/>"
>             "<a href=X><link>links in the text</></a>, so enter text<br/>"
>             "in here to edit it. By the way, links are<br/>"
>             "called <a href=anc-02>Anchors</a> so you will need<br/>"
>             "to refer to them this way.<br/>"
>             "<br/>"
> 
>             "Also you can stick in items with (relsize + ascent): "
>             "<item relsize=16x16 vsize=ascent
> href=emoticon/evil-laugh></item>" " (full) "
>             "<item relsize=16x16 vsize=full
> href=emoticon/guilty-smile></item>" " (to the left)<br/>"
> 
>             "Also (size + ascent): "
>             "<item size=16x16 vsize=ascent href=emoticon/haha></item>"
>             " (full) "
>             "<item size=16x16 vsize=full href=emoticon/happy-panting></item>"
>             " (before this)<br/>"
> 
>             "And as well (absize + ascent): "
>             "<item absize=64x64 vsize=ascent
> href=emoticon/knowing-grin></item>" " (full) "
>             "<item absize=64x64 vsize=full
> href=emoticon/not-impressed></item>" " or even paths to image files on disk
> too like: " "<item absize=96x128 vsize=full
> href=file://%s/images/sky_01.jpg></item>"
>             " ... end."
>             , elm_app_data_dir_get()
>            );
> 
> 
> ok, not buffer overflow, but anyway, buf should be longer for this

oh i didnt look at the 2nd use... so yeah - then its ok :)

> Vincent
> 
> On Fri, May 2, 2025 at 10:08 AM Carsten Haitzler <ras...@rasterman.com> wrote:
> >
> > On Thu, 01 May 2025 23:32:04 -0700 Enlightenment Git
> > <no-re...@enlightenment.org> said:
> >
> > actually... the code was correct. that doesn't buffer overflow at all - it
> > simply cuts off the path at 259 chars (plug 0 byte) and thus fails to load
> > the image. if the max path is truly 260 and the file is somehow in a place
> > in the filesystem where it cannot be addressed due to this limit... then
> > making the buffer bigger even though the max path is only 260 isn't going
> > to help.
> >
> > the alternative is that the max path is not 260 and is actually longer and
> > 260 is some hold-over from dos/fat days and thus we should be defining
> > PATH_MAX as something bigger and that is the solution. PATH_MAX is used all
> > over the place so these kinds of commits will then have to be done in 100's
> > of places.
> >
> > > This is an automated email from the git hooks/post-receive script.
> > >
> > > git pushed a commit to branch master
> > > in repository efl.
> > >
> > >
> > > View the commit online.commit 7629a786523d6fce3f1090bde0cb2fe7692835b5
> > > Author: Vincent Torri <vto...@outlook.fr>
> > > AuthorDate: Fri May 2 08:30:52 2025 +0200
> > >
> > >     Windows: fix buffer overflow in test_flip2()
> > >
> > >     MAX_PATH is 260 on Windows, while buf is used for a long message
> > > ---
> > >  src/bin/elementary/test_flip.c | 2 +-
> > >  1 file changed, 1 insertion(+), 1 deletion(-)
> > >
> > > diff --git a/src/bin/elementary/test_flip.c
> > > b/src/bin/elementary/test_flip.c index 4e63ebae47..14f6cfe6df 100644
> > > --- a/src/bin/elementary/test_flip.c
> > > +++ b/src/bin/elementary/test_flip.c
> > > @@ -271,7 +271,7 @@ void
> > >  test_flip2(void *data EINA_UNUSED, Evas_Object *obj EINA_UNUSED, void
> > > *event_info EINA_UNUSED) {
> > >     Evas_Object *win, *bg, *bx, *bx2, *fl, *o, *bt, *tb, *li, *en;
> > > -   char buf[PATH_MAX];
> > > +   char buf[4096];
> > >
> > >     win = elm_win_add(NULL, "flip2", ELM_WIN_BASIC);
> > >     elm_win_title_set(win, "Flip 2");
> > >
> > >
> > > --
> > > To stop receiving notification emails like this one, please contact
> > > the administrator of this repository.
> >
> >
> > --
> > ------------- Codito, ergo sum - "I code, therefore I am" --------------
> > Carsten Haitzler - ras...@rasterman.com
> >
> >
> >
> > _______________________________________________
> > enlightenment-devel mailing list
> > enlightenment-devel@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/enlightenment-devel
> 
> 
> _______________________________________________
> enlightenment-devel mailing list
> enlightenment-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/enlightenment-devel


-- 
------------- Codito, ergo sum - "I code, therefore I am" --------------
Carsten Haitzler - ras...@rasterman.com



_______________________________________________
enlightenment-devel mailing list
enlightenment-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/enlightenment-devel

Re: [E-devel] [EGIT] [efl] 01/01: Windows: fix buffer overflow in test_flip2()

Reply via email to