Add bounds check to getstr()

Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

1 files changed, 10 insertions, 5 deletions

diff --git a/draw.c b/draw.c
index e9d3897..78ff68c 100644
--- a/draw.c
+++ b/draw.c
@@ -252,7 +252,7 @@ DrawArc(DviWidget dw, int x0, int y0, int x1, int y1)
 /* copy next non-blank string from p to temp, update p */
 
 static const char *
-getstr(const char *p, char *temp)
+getstr(const char *p, char *temp, size_t temp_size)
 {
     while (*p == ' ' || *p == '\t' || *p == '\n')
         p++;
@@ -260,8 +260,13 @@ getstr(const char *p, char *temp)
         temp[0] = 0;
         return ((char *) NULL);
     }
-    while (*p != ' ' && *p != '\t' && *p != '\n' && *p != '\0')
-        *temp++ = *p++;
+    while (*p != ' ' && *p != '\t' && *p != '\n' && *p != '\0') {
+        /* leave room for trailing NIL byte */
+        if (temp_size > 1) {
+            *temp++ = *p++;
+            temp_size--;
+        }
+    }
     *temp = '\0';
     return (p);
 }
@@ -306,10 +311,10 @@ GetSpline(const char *s)
     while (p && *p) {
         double x1, y1;
 
-        if ((p = getstr(p, d)) == (const char *) NULL)
+        if ((p = getstr(p, d, sizeof(d))) == (const char *) NULL)
             break;
         x1 = x + atof(d);
-        if ((p = getstr(p, d)) == (const char *) NULL)
+        if ((p = getstr(p, d, sizeof(d))) == (const char *) NULL)
             break;
         y1 = y + atof(d);
         pt->next = MakePoint(x1, y1);