[PATCH:xsm] Add size limit to scanf string specifier
walter harms
wharms at bfs.de
Tue Nov 29 00:12:37 PST 2011
On 29.11.2011 03:56, Alan Coopersmith wrote:
> While it's tempting to just switch to fgets(), that would require
> implementing our own whitespace stripping to match the current
> scanf behavior.
>
> Fixes parfait static analysis warning:
> Error: Buffer overrun
> Buffer overflow (CWE 120): Use of fscanf(%s), with buffer 'buf'
> at line 135 of app/xsm/lock.c in function 'GetLockId'.
>
> [ This bug was found by the Parfait 0.3.7 bug checking tool.
> For more information see http://labs.oracle.com/projects/parfait/ ]
>
> Signed-off-by: Alan Coopersmith <alan.coopersmith at oracle.com>
> ---
> lock.c | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/lock.c b/lock.c
> index 9a4553a..d51d09e 100644
> --- a/lock.c
> +++ b/lock.c
> @@ -132,7 +132,7 @@ GetLockId(const char *session_name)
> }
>
> buf[0] = '\0';
> - fscanf (fp, "%s\n", buf);
> + fscanf (fp, "%255s\n", buf);
> ret = XtNewString (buf);
>
> fclose (fp);
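Review bot: the width 255 in the new `fscanf (fp, "%255s\n", buf);` line is a bare literal, and the declaration of buf is not visible in this hunk, so the fix is only correct if buf holds at least 256 bytes (255 characters plus the terminating NUL that %s appends). Please confirm that against the declaration and say so in the commit message, or tie the width to the buffer size with a shared constant so the two cannot drift apart. Separately, the return value of fscanf is still ignored: the preceding `buf[0] = '\0';` keeps buf a valid string when nothing is read, but an empty or unreadable lock file then silently becomes an empty string passed to XtNewString, and an ID longer than 255 characters is silently truncated. Checking that fscanf returned 1 would let GetLockId report those cases.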
Perhaps fgets() is better here?
And some basic error checking would be nice.
re,
wh