[X2Go-Commits] [nx-libs] 21/29: Font.c: replace memcpy by sprintf preventing possible buffer overflows

Sat, 06 Jan 2018 16:36:03 -0800 

This is an automated email from the git hooks/post-receive script.

x2go pushed a commit to branch 3.6.x
in repository nx-libs.

commit 56fa234856428ca2de92c27904edb1fe28bc4fdc
Author: Ulrich Sibiller <ul...@gmx.de>
Date:   Wed Jan 3 01:11:34 2018 +0100

    Font.c: replace memcpy by sprintf preventing possible buffer overflows
    
    I am not sure about the maximum font name length in X but just in
    case use snprintf instead of memcpy to be sure nothing dangerous can
    happen here.
---
 nx-X11/programs/Xserver/hw/nxagent/Font.c | 12 +++---------
 1 file changed, 3 insertions(+), 9 deletions(-)

diff --git a/nx-X11/programs/Xserver/hw/nxagent/Font.c 
b/nx-X11/programs/Xserver/hw/nxagent/Font.c
index 5a9b729..540ad79 100644
--- a/nx-X11/programs/Xserver/hw/nxagent/Font.c
+++ b/nx-X11/programs/Xserver/hw/nxagent/Font.c
@@ -733,7 +733,7 @@ static XFontStruct *nxagentLoadBestQueryFont(Display* dpy, 
char *fontName, FontP
 {
   XFontStruct *fontStruct;
 
-  char *substFontBuf;
+  char substFontBuf[512];;
 
   /*  X Logical Font Description Conventions
    *  require 14 fields in the font names.
@@ -767,12 +767,9 @@ static XFontStruct *nxagentLoadBestQueryFont(Display* dpy, 
char *fontName, FontP
   fprintf(stderr, "nxagentLoadBestQueryFont: Searching font '%s' .\n", 
fontName);
   #endif
 
-  substFontBuf = (char *) malloc(sizeof(char) * 512);
-
-
   numFontFields = nxagentSplitString(fontName, fontNameFields, FIELDS + 1, 
"-");
 
-  memcpy(substFontBuf, "fixed\0", strlen("fixed") + 1);
+  snprintf(substFontBuf, sizeof(substFontBuf), "%s", "fixed");
 
   if (numFontFields <= FIELDS)
   {
@@ -831,8 +828,7 @@ static XFontStruct *nxagentLoadBestQueryFont(Display* dpy, 
char *fontName, FontP
         /* Found more accurate font  */
 
         weight = tempWeight;
-        memcpy(substFontBuf, nxagentRemoteFontList.list[i]->name, 
strlen(nxagentRemoteFontList.list[i]->name));
-        substFontBuf[strlen(nxagentRemoteFontList.list[i]->name)] = '\0';
+        snprintf(substFontBuf, sizeof(substFontBuf), "%s", 
nxagentRemoteFontList.list[i]->name);
 
         #ifdef NXAGENT_RECONNECT_FONT_DEBUG
         fprintf(stderr, "nxagentLoadBestQueryFont: Weight '%d' of more 
accurate font '%s' .\n", weight, substFontBuf);
@@ -856,8 +852,6 @@ static XFontStruct *nxagentLoadBestQueryFont(Display* dpy, 
char *fontName, FontP
 
   fontStruct = nxagentLoadQueryFont(dpy, substFontBuf, pFont);
 
-  free (substFontBuf);
-
   for (j = 0; j < numFontFields; j++)
   {
     free(fontNameFields[j]);

--
Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on 
/srv/git/code.x2go.org/nx-libs.git
_______________________________________________
x2go-commits mailing list
x2go-commits@lists.x2go.org
https://lists.x2go.org/listinfo/x2go-commits

Reply via email to