1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
|
From: David Petek <david.petek@gmail.com>
Date: Wed, 29 Apr 2020 22:29:20 +0200
Subject: strcpy avoid stack buffer overflow
apngopt crashes with stack buffer overflow when calling with command line
argument longer than 247 bytes.
Suggested fix: use strncpy or verify szIn length before copying.
Proposed patch:
```
2372c2372
< strcpy(szOut, szIn);
---
> strncpy(szOut, szIn, 247);
Bug-Debian: https://bugs.debian.org/959141
Reviewed-by: xiao sheng wen <atzlinux@sina.com>
Comments: update this patch for new upstream version 1.4
Forwarded: not-needed
Last-Update: 2023-04-12
---
apngopt.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/apngopt.cpp b/apngopt.cpp
index d9c3acd..052b7c5 100644
--- a/apngopt.cpp
+++ b/apngopt.cpp
@@ -1486,7 +1486,7 @@ int main(int argc, char** argv)
if (szOut[0] == 0)
{
- strcpy(szOut, szInput);
+ strncpy(szOut, szInput, 247);
if ((szExt = strrchr(szOut, '.')) != NULL) *szExt = 0;
strcat(szOut, "_opt.png");
}
|
