From 5d6cda4f6442c524db3c52b272f7ff5f7225bec6 Mon Sep 17 00:00:00 2001 From: Alan Coopersmith Date: Sat, 10 Aug 2013 23:05:13 -0700 Subject: xlibi18n: fix argsize argument to _XlcParsePath The array is defined as having NUM_LOCALEDIR entries, so use that instead of hardcoded 256 value (the other two calls already did this). Reported by parfait: Buffer overflow (CWE 120): In pointer dereference of argv[argc] with index argc Pointer size is 64 elements (of 8 bytes each), index is 255 at line 82 of nx-X11/lib/X11/lcFile.c in function 'parse_line'. called at line 178 in function '_XlcParsePath' with argv = argv. called at line 722 in function '_XlcLocaleLibDirName' with argv = args, argsize = 256. at line 82 of nx-X11/lib/X11/lcFile.c in function 'parse_line'. called at line 178 in function '_XlcParsePath' with argv = argv. called at line 638 in function '_XlcLocaleDirName' with argv = args, argsize = 256. [ This bug was found by the Parfait 1.2.0 bug checking tool. http://labs.oracle.com/pls/apex/f?p=labs:49:::::P49_PROJECT_ID:13 ] Signed-off-by: Alan Coopersmith Backported-to-NX-by: Ulrich Sibiller --- nx-X11/lib/X11/lcFile.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nx-X11/lib/X11/lcFile.c b/nx-X11/lib/X11/lcFile.c index 91773a0a8..7b0e5a824 100644 --- a/nx-X11/lib/X11/lcFile.c +++ b/nx-X11/lib/X11/lcFile.c @@ -635,7 +635,7 @@ _XlcLocaleDirName(char *dir_name, size_t dir_len, const char *lc_name) } xlocaledir (dir, PATH_MAX); - n = _XlcParsePath(dir, args, 256); + n = _XlcParsePath(dir, args, NUM_LOCALEDIR); for (i = 0; i < n; ++i) { char *name = NULL; @@ -714,7 +714,7 @@ _XlcLocaleLibDirName(char *dir_name, size_t dir_len, const char *lc_name) } xlocalelibdir (dir, PATH_MAX); - n = _XlcParsePath(dir, args, 256); + n = _XlcParsePath(dir, args, NUM_LOCALEDIR); for (i = 0; i < n; ++i) { char *name = NULL; -- cgit v1.2.3