diff options
author | Lubomir I. Ivanov <neolit123@gmail.com> | 2013-02-11 01:49:22 +0200 |
---|---|---|
committer | Dirk Hohndel <dirk@hohndel.org> | 2013-02-11 11:27:21 -0800 |
commit | 3cb51b948afb92db1804bb557eac83f3c2572d32 (patch) | |
tree | 4457220eb2f04d523cee532a0d1b4dcc3ca358f5 /subsurface.1 | |
parent | 02f9df42718b9f80ef6c08c1c046b5976e6ceea1 (diff) | |
download | subsurface-3cb51b948afb92db1804bb557eac83f3c2572d32.tar.gz |
print.c: Fix more buffer lengths
print.c has a lot of defined buffer sizes, which do not consider
UTF-8 expansion. gettext() with UTF-8 can inflate a string up to
2x the length (with 2byte characters).
So if you set a buffer with length, say 20 bytes, lets see what happens:
divenr[20];
snprintf(divenr, sizeof(divenr), _("Dive #%d - "), dive->number);
But wait, in Russian "Dive" (which in latin text is "Pogrugenie")
ends up with 10 cyrilic characters (20 bytes), so there is already
buffer overflow here and snprintf() kicks in to corrupt the string.
In matters of truncation snprintf() isn't UTF-8 safe.
So if the buffer size happens to be less of the requested string
to be put in there, the truncation can corrupt a trailing unicode
character.
For now, lets try fixing these by expanding the buffer sizes.
Signed-off-by: Lubomir I. Ivanov <neolit123@gmail.com>
Signed-off-by: Dirk Hohndel <dirk@hohndel.org>
Diffstat (limited to 'subsurface.1')
0 files changed, 0 insertions, 0 deletions