Off-by-one errors in garglk/fontgtk.c

weewonder / garglk

Automatically exported from code.google.com/p/garglk

Other

0 stars 0 forks source link

Off-by-one errors in garglk/fontgtk.c #114

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago

There are a number of places in fontgtk.c that allocate strlen(x) bytes instead 
of strlen(x) + 1, leading to an overflow on strcpy().  I've attached a patch 
that adds the one byte on, but of course this could also be solved with 
strdup().

Original issue reported on code.google.com by cspiegel@gmail.com on 15 Aug 2010 at 12:39

Attachments:

out.diff

GoogleCodeExporter commented 8 years ago

Ack, how embarrassing. Thanks for the catch and the patch!

Original comment by bcressey@gmail.com on 15 Aug 2010 at 5:14

GoogleCodeExporter commented 8 years ago

Original comment by bcressey@gmail.com on 15 Aug 2010 at 5:14

Changed state: Accepted

GoogleCodeExporter commented 8 years ago

Found a similiar issue on line 238 of sysgtk.c.

Original comment by bcressey@gmail.com on 15 Aug 2010 at 5:23

GoogleCodeExporter commented 8 years ago

Can you send me your name so I can credit you for the patch?

Original comment by bcressey@gmail.com on 15 Aug 2010 at 6:43

GoogleCodeExporter commented 8 years ago

Sure; I'm Chris Spiegel.

Original comment by cspiegel@gmail.com on 15 Aug 2010 at 9:32

GoogleCodeExporter commented 8 years ago

Fixed in r385.

Original comment by bcressey@gmail.com on 16 Aug 2010 at 5:05

Changed state: Fixed