29 lines
981 B
Diff
29 lines
981 B
Diff
From a96155657b690a7de3a7670f3014867487cba838 Mon Sep 17 00:00:00 2001
|
|
From: Lukas Javorsky <ljavorsk@redhat.com>
|
|
Date: Mon, 12 Aug 2024 13:02:35 +0200
|
|
Subject: [PATCH 3/7] Safely handle the "name" argument in NewFile func
|
|
|
|
Since the NewFile func is called with argv[] arguments, there should be
|
|
a safety check in case that the arguments are tainted.
|
|
---
|
|
src/devices/xditview/xditview.c | 3 ++-
|
|
1 file changed, 2 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/src/devices/xditview/xditview.c b/src/devices/xditview/xditview.c
|
|
index 1f56940b2..9ee0470c2 100644
|
|
--- a/src/devices/xditview/xditview.c
|
|
+++ b/src/devices/xditview/xditview.c
|
|
@@ -364,7 +364,8 @@ NewFile (const char *name)
|
|
}
|
|
hadFile = 1;
|
|
SelectPageNumber ("1");
|
|
- strcpy (current_file_name, name);
|
|
+ strncpy(current_file_name, name, sizeof(current_file_name) - 1);
|
|
+ current_file_name[sizeof(current_file_name) - 1] = '\0'; // Ensure null-termination
|
|
current_file = new_file;
|
|
}
|
|
|
|
--
|
|
2.44.0
|
|
|