author | Kees Cook <kees.cook@canonical.com> | 2011-07-09 07:40:23 -0700 |
---|---|---|
committer | Julien Cristau <jcristau@debian.org> | 2011-07-19 20:22:08 +0200 |
commit | 4f1a5dbc00d577cdbd37a824c396b030cb170d65 (patch) | |
tree | e6fccbeaecb335466c60423e135e44203adfeb8d | |
parent | 35e2f74fbcf172813b7016e58585bb30b39a3de6 (diff) |
xclipboard: avoid overflow crash when building labels
This replaces sprintf with XtAsprintf to avoid crashing when creating
various potentially large labels.
https://bugs.launchpad.net/ubuntu/+source/x11-apps/+bug/792642
Signed-off-by: Kees Cook <kees.cook@canonical.com>
Reviewed-by: James Cloos <cloos@jhcloos.com>
[jcristau: added xt >= 1.1 dependency per Alan Coopersmith]
Signed-off-by: Julien Cristau <jcristau@debian.org>
-rw-r--r-- | configure.ac | 2 | ||||
-rw-r--r-- | xclipboard.c | 5 | ||||
-rw-r--r-- | xcutsel.c | 8 |
3 files changed, 9 insertions, 6 deletions
diff --git a/configure.ac b/configure.ac
index b289038..463aa7e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -42,7 +42,7 @@ PKG_CHECK_EXISTS([xkbfile], [XKBPKG="xkbfile"], [XKBPKG=""])
 if test x$XKBPKG = xxkbfile ; then
 AC_DEFINE([XKB], [1], [Define to use libxkbfile calls like XKBStdBell()])
 fi
-PKG_CHECK_MODULES(XCLIPBOARD, [xaw7 xmu xt x11 ${XKBPKG}])
+PKG_CHECK_MODULES(XCLIPBOARD, [xaw7 xmu xt >= 1.1 x11 ${XKBPKG}])
 PKG_CHECK_MODULES(APPDEFS, xt)
 xt_appdefaultdir=`$PKG_CONFIG --variable=appdefaultdir xt`
diff --git a/xclipboard.c b/xclipboard.c
index 1fddf4c..62a214c 100644
--- a/xclipboard.c
+++ b/xclipboard.c
@@ -332,13 +332,14 @@ AcceptSaveFile(Widget w, XEvent *e, String *argv, Cardinal *argc)
 XtPopdown (fileDialogShell);
 if (!success) {
- char failMessage[1024];
+ char *failMessage;
- sprintf (failMessage, "Can't open file \"%s\"", filename);
+ XtAsprintf (&failMessage, "Can't open file \"%s\"", filename);
 XtSetArg (args[0], XtNlabel, failMessage);
 XtSetValues (failDialog, args, 1);
 CenterWidgetOnEvent (failDialogShell, e);
 XtPopup (failDialogShell, XtGrabNone);
+ XtFree (failMessage);
 } else {
@@ -258,7 +258,7 @@ GetBuffer(Widget w, XtPointer closure, XtPointer callData)
 int main(int argc, char *argv[]) {
- char label[100];
+ char *label;
 Widget box, button;
 XtAppContext appcon;
 Widget shell;
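Review bot: In the xclipboard.c hunk, `XtFree (failMessage);` runs right after `XtPopup`, while the dialog that displays the text is still on screen, so the change relies on the widget behind `failDialog` taking its own copy of the `XtNlabel` string during `XtSetValues`. The old stack buffer carried the same assumption, but with a heap pointer a wrong assumption becomes a use-after-free instead of a read of stale stack data. Once that is confirmed against the widget class, record it next to the free, for example `/* XtSetValues copies the label string; safe to release here */`. The result of `XtAsprintf` is not checked either; a short comment saying how allocation failure is handled (presumably through the Xt allocation error path, to be confirmed) would make that deliberate. AcceptSaveFile begins and ends outside the hunk.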
@@ -288,19 +288,21 @@ main(int argc, char *argv[])
 XtAddCallback( button, XtNcallback, Quit, NULL );
 /* %%% hack alert... */
- sprintf(label, "*label:copy %s to %d",
+ XtAsprintf(&label, "*label:copy %s to %d",
 options.selection_name, options.buffer);
 XrmPutLineResource( &rdb, label );
+ XtFree(label);
 button = XtCreateManagedWidget("sel-cut", commandWidgetClass, box, NULL, ZERO);
 XtAddCallback( button, XtNcallback, GetSelection, NULL );
- sprintf(label, "*label:copy %d to %s",
+ XtAsprintf(&label, "*label:copy %d to %s",
 options.buffer, options.selection_name);
 XrmPutLineResource( &rdb, label );
+ XtFree(label);
 button = XtCreateManagedWidget("cut-sel", commandWidgetClass, box, NULL, ZERO); |
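Review bot: In this xcutsel.c hunk inside `main`, `options.selection_name` is still formatted with `%s` into a line that `XrmPutLineResource` then parses, so lifting the 100-byte limit removes the overflow but leaves the value unescaped. Characters the resource-line parser treats specially could change what ends up stored as the label; the value appears to come from the user's own options, so the impact looks limited, but that is inferred from the name only. Passing the label as an `XtNlabel` argument when the button is created would avoid the parse and retire the `hack alert`; failing that, add a comment such as `/* selection_name is user-supplied and is not escaped for Xrm */`. This applies to both the `sel-cut` and `cut-sel` labels, and `main` continues beyond the hunk.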