[Pkg-wmaker-commits] [wmppp.app] 69/120: wmgeneral: Use field width limits for scanf.

[Doug Torrance]

This is an automated email from the git hooks/post-receive script.

dtorrance-guest pushed a commit to branch master
in repository wmppp.app.

commit bc2d0e93d7a5ed9179665cdaf89e3596603a29f6
Author: Doug Torrance <dtorrance at monmouthcollege.edu>
Date:   Tue May 19 22:30:51 2015 -0500

    wmgeneral: Use field width limits for scanf.
    
    This fixes "(portability) scanf without field width limits can crash with
    huge input data on some versions of libc" warning from cppcheck.
    
    We choose 10 as the field width limit as it is the number of characters in
    2^31-1, the largest int.
---
 wmgeneral/wmgeneral.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/wmgeneral/wmgeneral.c b/wmgeneral/wmgeneral.c
index 9b7e5d0..0ca67c9 100644
--- a/wmgeneral/wmgeneral.c
+++ b/wmgeneral/wmgeneral.c
@@ -306,7 +306,7 @@ void createXBMfromXPM(char *xbm, char **xpm, int sx, int sy) {
 	int 	zero=0;
 	int     curpixel;
 
-	sscanf(*xpm, "%d %d %d %d", &width, &height, &numcol, &depth);
+	sscanf(*xpm, "%10d %10d %10d %10d", &width, &height, &numcol, &depth);
 
 
 	for (k=0; k!=depth; k++)
@@ -483,7 +483,7 @@ void openXwindow(int argc, char *argv[], char *pixmap_bytes[], char *pixmask_bit
 	XMapWindow(display, win);
 
 	if (geometry) {
-		if (sscanf(geometry, "+%d+%d", &wx, &wy) != 2) {
+		if (sscanf(geometry, "+%10d+%10d", &wx, &wy) != 2) {
 			fprintf(stderr, "Bad geometry string.\n");
 			exit(1);
 		}

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-wmaker/wmppp.app.git