You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
25 lines
998 B
25 lines
998 B
https://bugs.gentoo.org/903860
|
|
https://github.com/mate-desktop/pluma/issues/664
|
|
https://github.com/mate-desktop/pluma/pull/665
|
|
https://github.com/mate-desktop/pluma/commit/8ca37beb259f7a62fef2005e888248ec880e44cd
|
|
|
|
From 8ca37beb259f7a62fef2005e888248ec880e44cd Mon Sep 17 00:00:00 2001
|
|
From: =?UTF-8?q?Bal=C3=A1zs=20Dura-Kov=C3=A1cs?= <balping314@gmail.com>
|
|
Date: Thu, 18 Aug 2022 17:44:41 +0200
|
|
Subject: [PATCH] Fix out-of-bounds write
|
|
|
|
Closes https://github.com/mate-desktop/pluma/issues/664
|
|
|
|
The size of tempfont was one byte too short, so strcpy performed an out-of-bounds write of the terminating 0.
|
|
--- a/pluma/pluma-window.c
|
|
+++ b/pluma/pluma-window.c
|
|
@@ -318,7 +318,7 @@ pluma_window_key_press_event (GtkWidget *widget,
|
|
g_strcanon (tempsize, "1234567890", '\0');
|
|
g_strreverse (tempsize);
|
|
|
|
- gchar tempfont [strlen (font)];
|
|
+ gchar tempfont [strlen (font) + 1];
|
|
strcpy (tempfont, font);
|
|
tempfont [strlen (font) - strlen (tempsize)] = 0;
|
|
|