Fix static buffer overrrun (issue #443)
result[6] is a fixed array of size 6, but in the process of copying data into it, we clobber the last allocated byte. Simplify some of the code by not calling redundant functions.
This commit is contained in:
Adam Majer
parent
09caae3b9c
commit
50557a4f63
|
|
@ -601,7 +601,6 @@ tmbstr tidyNormalizedLocaleName( ctmbstr locale )
|
||||||
uint i;
|
uint i;
|
||||||
uint len;
|
uint len;
|
||||||
static char result[6] = "xx_yy";
|
static char result[6] = "xx_yy";
|
||||||
char character[1];
|
|
||||||
tmbstr search = strdup(locale);
|
tmbstr search = strdup(locale);
|
||||||
search = TY_(tmbstrtolower)(search);
|
search = TY_(tmbstrtolower)(search);
|
||||||
|
|
||||||
|
|
@ -622,27 +621,28 @@ tmbstr tidyNormalizedLocaleName( ctmbstr locale )
|
||||||
junk language that doesn't exist and won't be set. */
|
junk language that doesn't exist and won't be set. */
|
||||||
|
|
||||||
len = strlen( search );
|
len = strlen( search );
|
||||||
len = len <= 5 ? len : 5;
|
len = ( len <= 5 ? len : 5 );
|
||||||
|
|
||||||
for ( i = 0; i <= len; i++ )
|
for ( i = 0; i < len; i++ )
|
||||||
{
|
{
|
||||||
if ( i == 2 )
|
if ( i == 2 )
|
||||||
{
|
{
|
||||||
/* Either terminate the string or ensure there's an underscore */
|
/* Either terminate the string or ensure there's an underscore */
|
||||||
if (strlen( search) >= 5)
|
if (len == 5) {
|
||||||
character[0] = '_';
|
result[i] = '_';
|
||||||
else
|
}
|
||||||
character[0] = '\0';
|
else {
|
||||||
strncpy( result + i, character, 1 );
|
result[i] = '\0';
|
||||||
|
break; /* no need to copy after null */
|
||||||
|
}
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
strncpy( result + i, search + i, 1);
|
result[i] = tolower( search[i] );
|
||||||
result[i] = tolower( result[i] );
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( search ) free( search );
|
free( search );
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue