[msitools] msiinfo: fix buffer overflow
- From: Marc-André Lureau <malureau src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [msitools] msiinfo: fix buffer overflow
- Date: Tue, 17 Nov 2020 13:09:14 +0000 (UTC)
commit 1e30d26baaede98c9be8754bf2b88afff4d9d1e3
Author: Natanael Copa <ncopa alpinelinux org>
Date: Wed Oct 4 15:28:06 2017 +0000
msiinfo: fix buffer overflow
The allocated type may not be big enough for the type string so use
separate buffer for the type string.
https://bugzilla.gnome.org/show_bug.cgi?id=788495
[ modified to fix warnings, use strdup_printf() ]
Signed-off-by: Marc-André Lureau <marcandre lureau redhat com>
tools/msiinfo.c | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
---
diff --git a/tools/msiinfo.c b/tools/msiinfo.c
index 255797a..f029ef8 100644
--- a/tools/msiinfo.c
+++ b/tools/msiinfo.c
@@ -420,8 +420,8 @@ static gboolean export_create_table(const char *table,
guint num_columns = libmsi_record_get_field_count(names);
guint num_keys = libmsi_record_get_field_count(keys);
guint i, len;
- char size[20], extra[30];
- gchar *name, *type;
+ char extra[30];
+ gchar *name, *type, *typesql;
if (!strcmp(table, "_Tables") ||
!strcmp(table, "_Columns") ||
@@ -454,26 +454,26 @@ static gboolean export_create_table(const char *table,
strcat(extra, " LOCALIZABLE");
/* fall through */
case 's': case 'S':
- strcpy(size, type+1);
- sprintf(type, "CHAR(%s)", size);
+ typesql = g_strdup_printf("CHAR(%s)", type+1);
break;
case 'i': case 'I':
len = atol(type + 1);
if (len <= 2)
- strcpy(type, "INT");
+ typesql = g_strdup("INT");
else if (len == 4)
- strcpy(type, "LONG");
+ typesql = g_strdup("LONG");
else
abort();
break;
case 'v': case 'V':
- strcpy(type, "OBJECT");
+ typesql = g_strdup("OBJECT");
break;
default:
abort();
}
- printf("`%s` %s%s", name, type, extra);
+ printf("`%s` %s%s", name, typesql, extra);
+ g_free(typesql);
g_free(name);
g_free(type);
}
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
