mifr/subsurface
1
0
Fork 0
mirror of https://github.com/subsurface/subsurface.git synced 2024-11-28 13:10:19 +00:00
Code Issues Projects Releases Packages Wiki Activity

print.c: Fix more buffer lengths

Browse source 
print.c has a lot of defined buffer sizes, which do not consider
UTF-8 expansion. gettext() with UTF-8 can inflate a string up to
2x the length (with 2byte characters).
So if you set a buffer with length, say 20 bytes, lets see what happens:

divenr[20];
snprintf(divenr, sizeof(divenr), _("Dive #%d - "), dive->number);

But wait, in Russian "Dive" (which in latin text is "Pogrugenie")
ends up with 10 cyrilic characters (20 bytes), so there is already
buffer overflow here and snprintf() kicks in to corrupt the string.

In matters of truncation snprintf() isn't UTF-8 safe.
So if the buffer size happens to be less of the requested string
to be put in there, the truncation can corrupt a trailing unicode
character.

For now, lets try fixing these by expanding the buffer sizes.

Signed-off-by: Lubomir I. Ivanov <neolit123@gmail.com>
Signed-off-by: Dirk Hohndel <dirk@hohndel.org>
This commit is contained in:
Lubomir I. Ivanov 2013-02-11 01:49:22 +02:00 committed by Dirk Hohndel
parent 02f9df4271
commit 3cb51b948a
1 changed files with 6 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
print.c
View file

@ -63,7 +63,7 @@ static void show_dive_header(struct dive *dive, cairo_t *cr, double w,
PangoLayout *layout;
PangoRectangle ink_ext, logic_ext;
struct tm tm;
char buffer[160], divenr[20], *people;
char buffer[160], divenr[40], *people;
maxwidth = w * PANGO_SCALE;
maxheight = h * PANGO_SCALE * 0.9;
@ -157,7 +157,7 @@ static void show_dive_notes(struct dive *dive, cairo_t *cr, double w,
/* Print the used gas mix */
static void print_ean_trimix (cairo_t *cr, PangoLayout *layout, int O2, int He){
char buffer[8];
char buffer[64];
if (He){
snprintf(buffer, sizeof(buffer), "Tx%d/%d", O2, He);
@ -335,7 +335,7 @@ static void print_weight_data (struct dive *dive, cairo_t *cr, int maxwidth, int
/* Print the dive OTUs */
static void print_otus (struct dive *dive, cairo_t *cr, PangoLayout *layout, int maxwidth)
{
char buffer[20];
char buffer[40];
cairo_move_to (cr,(maxwidth*0.05) / ((double) PANGO_SCALE), 0);
snprintf(buffer, sizeof(buffer), _("OTU"));
@ -350,7 +350,7 @@ static void print_otus (struct dive *dive, cairo_t *cr, PangoLayout *layout, int
/* Print the dive maxCNS */
static void print_cns (struct dive *dive, cairo_t *cr, PangoLayout *layout, int maxwidth)
{
char buffer[20];
char buffer[40];
cairo_move_to (cr,(maxwidth*0.05) / ((double) PANGO_SCALE), 0);
@ -369,7 +369,7 @@ static void print_SAC (struct dive *dive, cairo_t *cr, PangoLayout *layout, int
double sac;
int decimals;
const char *unit;
char buffer[20];
char buffer[40];
cairo_move_to (cr,(maxwidth*0.05) / ((double) PANGO_SCALE), 0);
snprintf(buffer, sizeof(buffer), _("SAC"));
@ -524,7 +524,7 @@ static void show_dive_table(struct dive *dive, cairo_t *cr, double w,
double maxwidth, maxheight, colwidth, curwidth;
PangoLayout *layout;
struct tm tm;
char buffer[160], divenr[20];
char buffer[160], divenr[40];
maxwidth = w * PANGO_SCALE;
maxheight = h * PANGO_SCALE * 0.9;