Attachment 26021 Details for Bug 62767

[patch] wv-0.7.2+-fix_overflow.patch

wv-0.7.2+-fix_overflow.patch (text/plain), 1.53 KB, created by Stanislav Brabec on 2004-11-11 23:55:40 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Stanislav Brabec

Created: 2004-11-11 23:55:40 UTC

Size: 1.53 KB

patch

obsolete

>--- wv/field.c
>+++ wv/field.c
>@@ -48,20 +48,24 @@
>     return (ret);
> }
> 
>+#define TIMESTR_SIZE 4096
>+
> int
> wvHandleDateTimePicture (char *retstring, size_t max, char *token,
> 			 time_t * mytime)
> {
>     int no;
>+    int consumed = 0;
>     struct tm *current;
>-    char timestr[4096];
>+    char timestr[TIMESTR_SIZE];
>     char temp[64];
>     timestr[0] = '\0';
> 
>     if (!token)
> 	return (0);
>     current = localtime (mytime);
>-    while (*token)
>+    /* the '11' is the max width of an integer (10 digits for '4 billion') + nul */
>+    while (*token && (consumed < (TIMESTR_SIZE - 11)))
>       {
> 	  switch (*token)
> 	    {
>@@ -87,15 +91,19 @@
> 		  case 1:
> 		      sprintf (temp, "%d", current->tm_mon+1);
> 		      strcat (timestr, temp);
>+		      consumed += strlen (temp);
> 		      break;
> 		  case 2:
> 		      strcat (timestr, "%m");
>+		      consumed += 2;
> 		      break;
> 		  case 3:
> 		      strcat (timestr, "%b");
>+		      consumed += 2;
> 		      break;
> 		  default:
> 		      strcat (timestr, "%B");
>+		      consumed += 2;
> 		      break;
> 		  }
> 		break;
>@@ -154,9 +162,11 @@
> 		  case 1:
> 		      sprintf (temp, "%d", current->tm_hour % 12);
> 		      strcat (timestr, temp);
>+		      consumed += strlen (temp);
> 		      break;
> 		  default:
> 		      strcat (timestr, "%I");
>+		      consumed += 2;
> 		      break;
> 		  }
> 		break;
>@@ -182,6 +192,7 @@
> 		  case 1:
> 		      sprintf (temp, "%d", current->tm_min);
> 		      strcat (timestr, temp);
>+		      consumed += strlen (temp);
> 		      break;
> 		  default:
> 		      strcat (timestr, "%M");

Actions: View | Diff

Attachments on bug 62767: 26006 | 26014 | 26021 | 26305