summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAlan Coopersmith <alan.coopersmith@oracle.com>2013-12-24 02:34:02 (GMT)
committerAlan Coopersmith <alan.coopersmith@oracle.com>2013-12-31 02:09:45 (GMT)
commit4d024ac10f964f6bd372ae0dd14f02772a6e5f63 (patch)
treea5e54793d5d63922f423308b98372648679ea3b2
parentfdcf9a9be6a5d453659beadec5d1a1fdbab9afaf (diff)
CVE-2013-6462: unlimited sscanf overflows stack buffer in bdfReadCharacters()
Fixes cppcheck warning: [lib/libXfont/src/bitmap/bdfread.c:341]: (warning) scanf without field width limits can crash with huge input data. Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Matthieu Herrb <matthieu@herrb.eu> Reviewed-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
-rw-r--r--src/bitmap/bdfread.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/bitmap/bdfread.c b/src/bitmap/bdfread.c
index e2770dc..e11c5d2 100644
--- a/src/bitmap/bdfread.c
+++ b/src/bitmap/bdfread.c
@@ -338,7 +338,7 @@ bdfReadCharacters(FontFilePtr file, FontPtr pFont, bdfFileState *pState,
char charName[100];
int ignore;
- if (sscanf((char *) line, "STARTCHAR %s", charName) != 1) {
+ if (sscanf((char *) line, "STARTCHAR %99s", charName) != 1) {
bdfError("bad character name in BDF file\n");
goto BAILOUT; /* bottom of function, free and return error */
}