
List:       ggi-develop
Subject:    RE: [ggi-develop] Re: [ggi-allmodul-cvs] ggi-core/libggi/programs/util inputdump.c,1.8,1.9
From:       "Christoph Egger" <Christoph_Egger () gmx ! de>
Date:       2004-08-09 13:37:22
Message-ID: 15543.1092058642 () www37 ! gmx ! net

> > > +			memset(buf, ' ', M->val_x);
> > > +			buf[M->val_x] = '\0';
> > > +			ggiPuts(vis, M->top.x, y, buf);
> > > +			sprintf(buf, "? %d", i);
> > >  			ggiPuts(vis, M->top.x, y, M->VI[i] ? 
> > >  				M->VI[i]->longname : buf);
> > >  
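Review bot: `memset(buf, ' ', M->val_x)` and `buf[M->val_x] = '\0'` depend on M->val_x being at most sizeof(buf) - 1, and nothing in this hunk enforces or documents that bound. The value is also passed to memset as a length, so if val_x is a signed type a negative value would become a very large count. Consider checking the range (both ends) at the point of use or adding a comment that names where it is clamped, and replacing `sprintf(buf, "? %d", i)` with `snprintf(buf, sizeof(buf), "? %d", i)` so the fallback label is bounded as well.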
> > 
> > Peter: Are you sure M->val_x is always smaller than sizeof(buf),
> > so that there's no potential buffer overflow security hole?
> 
> Yes, since this is also in the patch:
> 
> +	if (w > sizeof(buf) - 1)
> +		w = sizeof(buf) - 1;
> +	M->val_x = w;
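Review bot: the clamp in `if (w > sizeof(buf) - 1)` sets only an upper bound on w before it is stored in M->val_x. If w is a signed type, the comparison is carried out in unsigned arithmetic, so a negative w is caught only as a side effect of the implicit conversion. Suggest making the lower bound explicit, for example `if (w < 0) w = 0;` ahead of the assignment, so the range guarantee does not depend on how the comparison is typed.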

I see. Ok.

BTW: I just changed that piece to

	if (w > (int)(sizeof(buf) - 1))
		w = (int)sizeof(buf) - 1;
	M->val_x = w;

in order to match the type of w. Fixes a warning about
comparing signed and unsigned values.

-- 
CU,

Christoph Egger
E-Mail: Christoph_Egger@gmx.de
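
The two forms of the clamp discussed in this thread treat a negative `w` differently, which matters because `M->val_x` is later used as a `memset` length and an array index. The following is an added example, not code from the thread or from GGI. The 64-byte `buf`, `clamp_both` and `fill_blanks` are hypothetical, and whether `w` can be negative in inputdump.c is not shown on the page.

```c
#include <stdio.h>
#include <string.h>

static char buf[64]; /* constructed size; buf's declaration is not in the thread */

/* Quoted patch: int w is converted to size_t for the comparison (written out
 * here), so a negative w looks huge and is clamped to the maximum. */
static int clamp_implicit(int w)
{
    if ((size_t)w > sizeof(buf) - 1)
        w = (int)(sizeof(buf) - 1);
    return w;
}

/* Cast version from the reply: the comparison is signed, the warning is
 * gone, and a negative w now passes through unchanged. */
static int clamp_cast(int w)
{
    if (w > (int)(sizeof(buf) - 1))
        w = (int)sizeof(buf) - 1;
    return w;
}

/* Hypothetical variant with both bounds explicit. */
static int clamp_both(int w)
{
    if (w < 0)
        return 0;
    return clamp_cast(w);
}

/* Use site from the first hunk, guarded locally; returns blanks written or -1. */
static int fill_blanks(int val_x)
{
    if (val_x < 0 || (size_t)val_x > sizeof(buf) - 1)
        return -1;
    memset(buf, ' ', (size_t)val_x);
    buf[val_x] = '\0';
    return (int)strlen(buf);
}

int main(void)
{
    int in[] = { -1, 0, 10, 63, 64, 1000 }; /* constructed sample widths */
    for (size_t i = 0; i < sizeof(in) / sizeof(in[0]); i++)
        printf("w=%5d implicit=%3d cast=%3d both=%3d fill(cast)=%3d\n", in[i],
               clamp_implicit(in[i]), clamp_cast(in[i]), clamp_both(in[i]),
               fill_blanks(clamp_cast(in[i])));
    return 0;
}
```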
