From ac6694378e0ed4bdffa6e1318c9d4beda24a6b0e Mon Sep 17 00:00:00 2001 From: Mike DePaulo Date: Sun, 8 Feb 2015 20:12:25 -0500 Subject: [PATCH 04/40] CVE-2013-6462: unlimited sscanf overflows stack buffer in bdfReadCharacters() from xorg/lib/libXfont http://lists.x.org/archives/xorg-announce/2014-January/002389.html Fixes cppcheck warning: [lib/libXfont/src/bitmap/bdfread.c:341]: (warning) scanf without field width limits can crash with huge input data. --- nx-X11/lib/font/bitmap/bdfread.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nx-X11/lib/font/bitmap/bdfread.c b/nx-X11/lib/font/bitmap/bdfread.c index a6f0c1e..bccabd7 100644 --- a/nx-X11/lib/font/bitmap/bdfread.c +++ b/nx-X11/lib/font/bitmap/bdfread.c @@ -344,7 +344,7 @@ bdfReadCharacters(FontFilePtr file, FontPtr pFont, bdfFileState *pState, char charName[100]; int ignore; - if (sscanf((char *) line, "STARTCHAR %s", charName) != 1) { + if (sscanf((char *) line, "STARTCHAR %99s", charName) != 1) { bdfError("bad character name in BDF file\n"); goto BAILOUT; /* bottom of function, free and return error */ } -- 2.1.4