CVE-2013-6462: From aeabb3efa6905e11c479e2e5319f2b6b3ab22009 Mon Sep 17 00:00:00 2001 From: Alan Coopersmith <alan.coopersmith@oracle.com> Date: Mon, 23 Dec 2013 18:34:02 -0800 Subject: [PATCH:libXfont 1/2] CVE-2013-XXXX: unlimited sscanf can overflow stack buffer in bdfReadCharacters() Fixes cppcheck warning: [lib/libXfont/src/bitmap/bdfread.c:341]: (warning) scanf without field width limits can crash with huge input data. Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Matthieu Herrb <matthieu@herrb.eu> Reviewed-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com> --- src/bitmap/bdfread.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)diff -r1.2 -r1.3 xsrc/xfree/xc/lib/font/bitmap/bdfread.c
(wiz)
--- xsrc/xfree/xc/lib/font/bitmap/Attic/bdfread.c 2007/04/03 20:10:34 1.2
+++ xsrc/xfree/xc/lib/font/bitmap/Attic/bdfread.c 2014/01/07 07:43:16 1.3
@@ -340,7 +340,7 @@
char charName[100];
int ignore;
- if (sscanf((char *) line, "STARTCHAR %s", charName) != 1) {
+ if (sscanf((char *) line, "STARTCHAR %99s", charName) != 1) {
bdfError("bad character name in BDF file\n");
goto BAILOUT; /* bottom of function, free and return error */
}