1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
|
--- loaddata.c.orig Sun May 5 04:09:25 1996
+++ loaddata.c Tue Jul 11 21:32:34 2000
@@ -5,6 +5,9 @@
* Copyleft (c) 1994-1996 Software Research Academy *
************************************************************************/
#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/param.h>
#include "config.h"
#include "sxsame.h"
@@ -25,7 +28,7 @@
DataFile ***data;
{
FILE *fp;
- char fname[256];
+ char fname[MAXPATHLEN];
char buf[256];
char str1[256];
char str2[256];
@@ -34,11 +37,18 @@
char *p;
int i;
+ if (MAXPATHLEN <= strlen(entry_name)) {
+ fprintf(stderr,"Error: data file name too long.\n");
+ return 0;
+ }
strcpy(fname,entry_name);
fp = fopen(fname, "r");
if(fp == NULL)
{
- sprintf(fname, "%s/%s", SAME_DIR, entry_name);
+ if (MAXPATHLEN <= snprintf(fname, MAXPATHLEN ,"%s/%s", SAME_DIR, entry_name)) {
+ fprintf(stderr,"Error: data file name too long.\n");
+ return 0;
+ }
fp = fopen(fname, "r");
if(fp == NULL)
return(0);
@@ -81,7 +91,7 @@
char *fname;
{
FILE *fp;
- char tmpfname[256];
+ char tmpfname[MAXPATHLEN];
char buf[256];
char str1[256],str2[256];
int val, i, j;
@@ -94,7 +104,7 @@
{
for(j=0;j<5;j++)
{
- data->xpm_data[i][j] == 0;
+ data->xpm_data[i][j] = 0;
}
}
data->bg_data = 0;
@@ -103,7 +113,10 @@
fp = fopen(fname,"r");
if(fp == NULL)
{
- sprintf(tmpfname, "%s/%s", SAME_DIR, fname);
+ if (MAXPATHLEN <= snprintf(tmpfname, MAXPATHLEN, "%s/%s", SAME_DIR, fname)) {
+ fprintf(stderr,"Error: data file name too long.\n", fname);
+ return -1;
+ }
fp = fopen(tmpfname, "r");
if(fp == NULL)
{
|