diff options
Diffstat (limited to 'libXfont/src/bitmap/bdfread.c')
-rw-r--r-- | libXfont/src/bitmap/bdfread.c | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/libXfont/src/bitmap/bdfread.c b/libXfont/src/bitmap/bdfread.c index e2770dc1c..914a0244e 100644 --- a/libXfont/src/bitmap/bdfread.c +++ b/libXfont/src/bitmap/bdfread.c @@ -69,6 +69,7 @@ from The Open Group. #define INDICES 256 #define MAXENCODING 0xFFFF #define BDFLINELEN 1024 +#define BDFLINESTR "%1023s" /* scanf specifier to read a BDFLINELEN string */ static Bool bdfPadToTerminal(FontPtr pFont); extern int bdfFileLineNum; @@ -338,7 +339,7 @@ bdfReadCharacters(FontFilePtr file, FontPtr pFont, bdfFileState *pState, char charName[100]; int ignore; - if (sscanf((char *) line, "STARTCHAR %s", charName) != 1) { + if (sscanf((char *) line, "STARTCHAR %99s", charName) != 1) { bdfError("bad character name in BDF file\n"); goto BAILOUT; /* bottom of function, free and return error */ } @@ -544,13 +545,18 @@ bdfReadHeader(FontFilePtr file, bdfFileState *pState) unsigned char lineBuf[BDFLINELEN]; line = bdfGetLine(file, lineBuf, BDFLINELEN); - if (!line || sscanf((char *) line, "STARTFONT %s", namebuf) != 1 || + if (!line || + sscanf((char *) line, "STARTFONT " BDFLINESTR, namebuf) != 1 || !bdfStrEqual(namebuf, "2.1")) { bdfError("bad 'STARTFONT'\n"); return (FALSE); } line = bdfGetLine(file, lineBuf, BDFLINELEN); - if (!line || sscanf((char *) line, "FONT %[^\n]", pState->fontName) != 1) { +#if MAXFONTNAMELEN != 1024 +# error "need to adjust sscanf length limit to be MAXFONTNAMELEN - 1" +#endif + if (!line || + sscanf((char *) line, "FONT %1023[^\n]", pState->fontName) != 1) { bdfError("bad 'FONT'\n"); return (FALSE); } @@ -633,7 +639,9 @@ bdfReadProperties(FontFilePtr file, FontPtr pFont, bdfFileState *pState) while (*line && isspace(*line)) line++; - switch (sscanf((char *) line, "%s%s%s", namebuf, secondbuf, thirdbuf)) { + switch (sscanf((char *) line, + BDFLINESTR BDFLINESTR BDFLINESTR, + namebuf, secondbuf, thirdbuf)) { default: bdfError("missing '%s' parameter value\n", namebuf); goto BAILOUT; |