|
 |
50a37d |
From b78ede45a294b567d27d7198ff3354df86a5b7f1 Mon Sep 17 00:00:00 2001
|
|
|
50a37d |
From: Lumir Balhar <lbalhar@redhat.com>
|
|
|
50a37d |
Date: Tue, 11 Sep 2018 15:58:31 +0200
|
|
|
50a37d |
Subject: [PATCH 1/2] Fix potential un-terminated buffer problem (CWE-120)
|
|
|
50a37d |
|
|
|
50a37d |
---
|
|
|
50a37d |
src/libImaging/Histo.c | 4 +++-
|
|
|
50a37d |
src/libImaging/Palette.c | 3 ++-
|
|
|
50a37d |
2 files changed, 5 insertions(+), 2 deletions(-)
|
|
|
50a37d |
|
|
|
50a37d |
diff --git a/src/libImaging/Histo.c b/src/libImaging/Histo.c
|
|
|
50a37d |
index 0bfc8dfe..2b35873e 100644
|
|
|
50a37d |
--- a/src/libImaging/Histo.c
|
|
|
50a37d |
+++ b/src/libImaging/Histo.c
|
|
|
50a37d |
@@ -41,7 +41,9 @@ ImagingHistogramNew(Imaging im)
|
|
|
50a37d |
|
|
|
50a37d |
/* Create histogram descriptor */
|
|
|
50a37d |
h = calloc(1, sizeof(struct ImagingHistogramInstance));
|
|
|
50a37d |
- strncpy(h->mode, im->mode, IMAGING_MODE_LENGTH);
|
|
|
50a37d |
+ strncpy(h->mode, im->mode, IMAGING_MODE_LENGTH-1);
|
|
|
50a37d |
+ h->mode[IMAGING_MODE_LENGTH-1] = 0;
|
|
|
50a37d |
+
|
|
|
50a37d |
h->bands = im->bands;
|
|
|
50a37d |
h->histogram = calloc(im->pixelsize, 256 * sizeof(long));
|
|
|
50a37d |
|
|
|
50a37d |
diff --git a/src/libImaging/Palette.c b/src/libImaging/Palette.c
|
|
|
50a37d |
index 31c2c024..7aee6e8e 100644
|
|
|
50a37d |
--- a/src/libImaging/Palette.c
|
|
|
50a37d |
+++ b/src/libImaging/Palette.c
|
|
|
50a37d |
@@ -37,7 +37,8 @@ ImagingPaletteNew(const char* mode)
|
|
|
50a37d |
if (!palette)
|
|
|
50a37d |
return (ImagingPalette) ImagingError_MemoryError();
|
|
|
50a37d |
|
|
|
50a37d |
- strncpy(palette->mode, mode, IMAGING_MODE_LENGTH);
|
|
|
50a37d |
+ strncpy(palette->mode, mode, IMAGING_MODE_LENGTH-1);
|
|
|
50a37d |
+ palette->mode[IMAGING_MODE_LENGTH-1] = 0;
|
|
|
50a37d |
|
|
|
50a37d |
/* Initialize to ramp */
|
|
|
50a37d |
for (i = 0; i < 256; i++) {
|
|
|
50a37d |
--
|
|
|
50a37d |
2.17.1
|
|
|
50a37d |
|