libburnia/legacy
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Closed a gap for line buffer overflow with man page production. Coverity CID 28784.

Browse Source
This commit is contained in:
Thomas Schmitt 2015-11-05 18:07:45 +00:00
parent e404e6f2a9
commit 2cf263a9c3
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
libisoburn/trunk/xorriso/make_xorriso_1.c
View File

@ -378,6 +378,7 @@ int Mx1_convert(struct Mx1 *m, char line_in[256], char line_out[256], int flag)
strcpy(buf, "\\fB"); strcpy(buf, "\\fB");
if(word[0] == '-') { if(word[0] == '-') {
if(l >= 255) { if(l >= 255) {
length_overflow:;
Mx1_report_error(m, "Line length overflow while converting @item", 0); Mx1_report_error(m, "Line length overflow while converting @item", 0);
return(-1); return(-1);
} }
@ -390,8 +391,10 @@ int Mx1_convert(struct Mx1 *m, char line_in[256], char line_out[256], int flag)
ret= Mx1_substitute(m, buf, line_out, raw, strlen(buf), 0); ret= Mx1_substitute(m, buf, line_out, raw, strlen(buf), 0);
if(ret <= 0) if(ret <= 0)
return(-1); return(-1);
strcpy(buf, line_out);
if(strlen(line_out) + 3 + strlen(remainder) > 255)
goto length_overflow;
strcpy(buf, line_out);
strcat(buf, "\\fR"); strcat(buf, "\\fR");
raw= strlen(buf); raw= strlen(buf);
strcat(buf, remainder); strcat(buf, remainder);