| commit | 33328d997e0b39ec2afe06808e801bfed5fc7d0a | |
| author | Tobias Stoeckmann <tobias@openbsd.org> | |
| Sat, 5 May 2012 09:06:15 +0000 (5 11:06 +0200) | ||
| committer | Carlos R. Mafra <crmafra@gmail.com> | |
| Mon, 7 May 2012 23:45:13 +0000 (7 20:45 -0300) | ||
| tree | 9b0c7214ec3f24efa7167a8378127ef7d50db2f1 | treesnapshot (tar.gz zip) |
| parent | 6bc550d91bc2fa2b2f8178eb2e7c37d5bfe28e90 | commitdiff |
Avoid buffer overrun in parseMenuCommand.
In parseMenuCommand, title[300] might get filled with a string of length
300. The string is copied with strcpy, therefore the size would have to be
301 or -- as I propose -- the fixed value 300 gets replaced with
"sizeof(title) - 1". This shows also that the size 300 belongs to title
and it will already be replaced during compile-time into 299.
In parseMenuCommand, title[300] might get filled with a string of length
300. The string is copied with strcpy, therefore the size would have to be
301 or -- as I propose -- the fixed value 300 gets replaced with
"sizeof(title) - 1". This shows also that the size 300 belongs to title
and it will already be replaced during compile-time into 299.
| src/appmenu.c | diffblobblamehistory |