Merge pull request #445 from AdamMajer/fix_buffer_overflow

Fix static buffer overrrun (issue #443)
2016-08-04 15:50:57 +02:00 · 2016-08-04 15:50:57 +02:00 · edafefb303
parent 09caae3b9c 50557a4f63
commit edafefb303
1 changed files with 11 additions and 11 deletions
--- a/src/language.c
+++ b/src/language.c
@ -601,7 +601,6 @@ tmbstr tidyNormalizedLocaleName( ctmbstr locale )
    uint i;
    uint len;
    static char result[6] = "xx_yy";
-    char character[1];
    tmbstr search = strdup(locale);
    search = TY_(tmbstrtolower)(search);
    
@ -622,27 +621,28 @@ tmbstr tidyNormalizedLocaleName( ctmbstr locale )
     junk language that doesn't exist and won't be set. */
    
    len = strlen( search );
-    len = len <= 5 ? len : 5;
+    len = ( len <= 5 ? len : 5 );
    
-    for ( i = 0; i <= len; i++ )
+    for ( i = 0; i < len; i++ )
    {
        if ( i == 2 )
        {
            /* Either terminate the string or ensure there's an underscore */
-            if (strlen( search) >= 5)
-                character[0] = '_';
-            else
-                character[0] = '\0';
-            strncpy( result + i, character, 1 );
+            if (len == 5) {
+                result[i] = '_';
+            }
+            else {
+                result[i] = '\0';
+                break;      /* no need to copy after null */
+            }
        }
        else
        {
-            strncpy( result + i, search + i, 1);
-            result[i] = tolower( result[i] );
+            result[i] = tolower( search[i] );
        }
    }
    
-    if ( search ) free( search );
+    free( search );
    return result;
 }