diff options
| author | Behdad Esfahbod <behdad@behdad.org> | 2014-12-12 21:42:35 -0800 |
|---|---|---|
| committer | Behdad Esfahbod <behdad@behdad.org> | 2014-12-12 21:42:35 -0800 |
| commit | fc7e1a9497919c88d790d9395eb01cd7d5121507 (patch) | |
| tree | 39623b5be913dc4a2d76729fb8a591fd9e4de34d | |
| parent | 32ac7c75e8db0135ef37cf86f92d8b9be000c8bb (diff) | |
Fix buffer overflow in copying PS name
As reported on the mailing list by Tanel Liiv. Found using American Fuzzy Lop.
| -rw-r--r-- | src/fcfreetype.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/fcfreetype.c b/src/fcfreetype.c index aca2f70b..da66741c 100644 --- a/src/fcfreetype.c +++ b/src/fcfreetype.c @@ -1556,7 +1556,8 @@ FcFreeTypeQueryFace (const FT_Face face, } else { - strcpy (psname, tmp); + strncpy (psname, tmp, 255); + psname[255] = 0; } if (!FcPatternAddString (pat, FC_POSTSCRIPT_NAME, (const FcChar8 *)psname)) goto bail1; |