21 lines
803 B
Plaintext
21 lines
803 B
Plaintext
$OpenBSD: patch-jerror_c,v 1.3 2013/04/20 15:23:40 naddy Exp $
|
|
|
|
This one is slightly problematic. If an application allocates less
|
|
room for its error buffer than the recommended JMSG_LENGTH_MAX, the
|
|
error message buffer will still overflow.
|
|
|
|
--- jerror.c.orig Wed Aug 8 14:49:02 2012
|
|
+++ jerror.c Thu Apr 18 21:33:54 2013
|
|
@@ -191,9 +191,9 @@ format_message (j_common_ptr cinfo, char * buffer)
|
|
|
|
/* Format the message into the passed buffer */
|
|
if (isstring)
|
|
- sprintf(buffer, msgtext, err->msg_parm.s);
|
|
+ snprintf(buffer, JMSG_LENGTH_MAX, msgtext, err->msg_parm.s);
|
|
else
|
|
- sprintf(buffer, msgtext,
|
|
+ snprintf(buffer, JMSG_LENGTH_MAX, msgtext,
|
|
err->msg_parm.i[0], err->msg_parm.i[1],
|
|
err->msg_parm.i[2], err->msg_parm.i[3],
|
|
err->msg_parm.i[4], err->msg_parm.i[5],
|