1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
|
From: Sven Eckelmann <sven@narfation.org>
Date: Wed, 25 Feb 2015 12:49:39 +0100
Subject: Fix buffer overflow when decoding code128 code_set_c
A dual character string needs at least 3 bytes to be saved by sprintf. Saving
it in a 2 byte buffer will cause the 0-delimiter to overwrite other data on the
stack.
It is better to use snprintf to make sure that no data is written outside the
allocated buffer and provide 3 byte for the buffer.
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/exactimage/+bug/1425472
---
bardecode/code128.hh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/bardecode/code128.hh b/bardecode/code128.hh
index db1c4ff..296fc08 100644
--- a/bardecode/code128.hh
+++ b/bardecode/code128.hh
@@ -237,7 +237,7 @@ namespace BarDecode
case code_set_c:
if (c < 100) {
char str[3];
- sprintf(str,"%02d",c);
+ snprintf(str,sizeof(str),"%02d",c);
return std::string(str);
} else {
return std::string(1,caux[c-96]);
|
