cedric pushed a commit to branch master. http://git.enlightenment.org/core/efl.git/commit/?id=10f26f143a4e3404557a223ebfefba94e80cbd3f
commit 10f26f143a4e3404557a223ebfefba94e80cbd3f Author: Godly T.Alias <[email protected]> Date: Fri Oct 6 09:48:28 2017 -0700 evas: fix for sscanf use with save flags input. Summary: As 'flags' can be supplied by application, in case application is supplying a big string(error case), it can cause crash in some version of glibc. Setting maximum possible input (0x64) length as width specifier Fix for static code analyzer warnings - scanf without field width limits can crash with huge input data on some versions of libc Signed-off-by: Godly T.Alias <[email protected]> Test Plan: Run SonarQube Reviewers: cedric, raster, Princekrdubey, rajeshps Reviewed By: cedric Subscribers: jpeg Differential Revision: https://phab.enlightenment.org/D5266 Signed-off-by: Cedric BAIL <[email protected]> --- src/lib/evas/canvas/evas_object_image.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/lib/evas/canvas/evas_object_image.c b/src/lib/evas/canvas/evas_object_image.c index 9d4ed08e15..ebdb03848f 100644 --- a/src/lib/evas/canvas/evas_object_image.c +++ b/src/lib/evas/canvas/evas_object_image.c @@ -900,8 +900,8 @@ _efl_canvas_image_internal_efl_file_save(const Eo *eo_obj, Evas_Image_Data *o, c { pp = strchr(p, ' '); if (pp) *pp = 0; - sscanf(p, "quality=%i", &quality); - sscanf(p, "compress=%i", &compress); + sscanf(p, "quality=%4i", &quality); + sscanf(p, "compress=%4i", &compress); sscanf(p, "encoding=%ms", &encoding); if (pp) p = pp + 1; else break; --
