21 lines
803 B
Plaintext
21 lines
803 B
Plaintext
$OpenBSD: patch-jerror_c,v 1.2 2009/10/14 13:03:44 naddy Exp $
|
|
|
|
This one is slightly problematic. If an application allocates less
|
|
room for its error buffer than the recommended JMSG_LENGTH_MAX, the
|
|
error message buffer will still overflow.
|
|
|
|
--- jerror.c.orig Sat Oct 10 12:43:21 2009
|
|
+++ jerror.c Sat Oct 10 12:43:52 2009
|
|
@@ -190,9 +190,9 @@ format_message (j_common_ptr cinfo, char * buffer)
|
|
|
|
/* Format the message into the passed buffer */
|
|
if (isstring)
|
|
- sprintf(buffer, msgtext, err->msg_parm.s);
|
|
+ snprintf(buffer, JMSG_LENGTH_MAX, msgtext, err->msg_parm.s);
|
|
else
|
|
- sprintf(buffer, msgtext,
|
|
+ snprintf(buffer, JMSG_LENGTH_MAX, msgtext,
|
|
err->msg_parm.i[0], err->msg_parm.i[1],
|
|
err->msg_parm.i[2], err->msg_parm.i[3],
|
|
err->msg_parm.i[4], err->msg_parm.i[5],
|