weewonder / garglk

Automatically exported from code.google.com/p/garglk

Off-by-one errors in garglk/fontgtk.c #114

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
There are a number of places in fontgtk.c that allocate strlen(x) bytes instead 
of strlen(x) + 1, leading to an overflow on strcpy().  I've attached a patch 
that adds the one byte on, but of course this could also be solved with 
strdup().

Original issue reported on code.google.com by cspiegel@gmail.com on 15 Aug 2010 at 12:39

Attachments:

GoogleCodeExporter commented 8 years ago
Ack, how embarrassing. Thanks for the catch and the patch!

Original comment by bcressey@gmail.com on 15 Aug 2010 at 5:14

GoogleCodeExporter commented 8 years ago

Original comment by bcressey@gmail.com on 15 Aug 2010 at 5:14

GoogleCodeExporter commented 8 years ago
Found a similar issue on line 238 of sysgtk.c.

Original comment by bcressey@gmail.com on 15 Aug 2010 at 5:23

GoogleCodeExporter commented 8 years ago
Can you send me your name so I can credit you for the patch?

Original comment by bcressey@gmail.com on 15 Aug 2010 at 6:43

GoogleCodeExporter commented 8 years ago
Sure; I'm Chris Spiegel.

Original comment by cspiegel@gmail.com on 15 Aug 2010 at 9:32

GoogleCodeExporter commented 8 years ago
Fixed in r385.

Original comment by bcressey@gmail.com on 16 Aug 2010 at 5:05
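
The allocation pattern reported in this issue, as an added example that is not part of the original thread and is not garglk's code: it replays `malloc(strlen(x))` followed by `strcpy()` against a guarded buffer so the one-byte overrun can be counted, next to the `strlen(x) + 1` form. The names `overflow_bytes`, `copy_fixed` and `CANARY` and the sample string are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CANARY 0x5A  /* guard value, chosen arbitrarily for this demo */

/* Replays "buf = malloc(intended); strcpy(buf, src);" without undefined
 * behaviour: the real allocation carries a guard byte past what strcpy()
 * needs, so writes beyond `intended` can be counted. */
static size_t overflow_bytes(const char *src, size_t intended)
{
    size_t need = strlen(src) + 1;   /* strcpy() also writes the NUL */
    size_t real = (need > intended ? need : intended) + 1;
    size_t i, spilled = 0;
    unsigned char *buf = malloc(real);

    if (buf == NULL)
        return (size_t)-1;
    memset(buf, CANARY, real);
    strcpy((char *)buf, src);
    for (i = intended; i < real; i++)
        if (buf[i] != CANARY)
            spilled++;
    free(buf);
    return spilled;
}

/* Corrected allocation: strlen(x) + 1 bytes. strdup(), where available,
 * does the same sizing and copy in one call. Caller frees the result. */
static char *copy_fixed(const char *src)
{
    size_t n = strlen(src) + 1;
    char *dst = malloc(n);

    if (dst != NULL)
        memcpy(dst, src, n);
    return dst;
}

int main(void)
{
    const char *name = "Sans";  /* constructed sample string */
    char *copy = copy_fixed(name);

    printf("strlen(x):     %zu byte(s) past the buffer\n", overflow_bytes(name, strlen(name)));
    printf("strlen(x) + 1: %zu byte(s) past the buffer\n", overflow_bytes(name, strlen(name) + 1));
    printf("copy_fixed:    %s\n", copy ? copy : "(allocation failed)");
    free(copy);
    return 0;
}
```

The overrun is always exactly the terminating NUL, including for an empty string, which is why it tends to go unnoticed until the allocator places something directly after the buffer.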