summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBehdad Esfahbod <behdad@behdad.org>2014-12-12 21:42:35 -0800
committerBehdad Esfahbod <behdad@behdad.org>2014-12-12 21:42:35 -0800
commitfc7e1a9497919c88d790d9395eb01cd7d5121507 (patch)
tree39623b5be913dc4a2d76729fb8a591fd9e4de34d
parent32ac7c75e8db0135ef37cf86f92d8b9be000c8bb (diff)
Fix buffer overflow in copying PS name
As reported on the mailing list by Tanel Liiv. Found using American Fuzzy Lop.
-rw-r--r--src/fcfreetype.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/src/fcfreetype.c b/src/fcfreetype.c
index aca2f70..da66741 100644
--- a/src/fcfreetype.c
+++ b/src/fcfreetype.c
@@ -1556,7 +1556,8 @@ FcFreeTypeQueryFace (const FT_Face face,
}
else
{
- strcpy (psname, tmp);
+ strncpy (psname, tmp, 255);
+ psname[255] = 0;
}
if (!FcPatternAddString (pat, FC_POSTSCRIPT_NAME, (const FcChar8 *)psname))
goto bail1;