summaryrefslogtreecommitdiffstats
path: root/uemis-downloader.c
diff options
context:
space:
mode:
authorGravatar Dirk Hohndel <dirk@hohndel.org>2013-03-03 17:53:43 -0800
committerGravatar Dirk Hohndel <dirk@hohndel.org>2013-03-03 20:18:23 -0800
commit01291929582ac573d7efd7fba3dbe061c9d70f9a (patch)
treecc836d5c2e40d26dd8f39dd5bad6c5193f2ef04d /uemis-downloader.c
parent93eeb03d67baac26da4153a163bf35567b106524 (diff)
downloadsubsurface-01291929582ac573d7efd7fba3dbe061c9d70f9a.tar.gz
Try to capture some more potential buffer overflows caused by localization
A couple of these could clearly cause a crash just like the one fixed by commit 00865f5a1e1a ("equipment.c: Fix potential buffer overflow in size_data_funct()"). One would append user input to fixed length buffer without checking. We were hardcoding the (correct) max path length in macos.c - replaced by the actual OS constant. But the vast majority are just extremely generous guesses how long localized strings could possibly be. Yes, this commit is likely leaning towards overkill. But we have now been bitten by buffer overflow crashes twice that were caused by localization, so I tried to go through all of the code and identify every possible buffer that could be affected by this. Signed-off-by: Dirk Hohndel <dirk@hohndel.org>
Diffstat (limited to 'uemis-downloader.c')
-rw-r--r--uemis-downloader.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/uemis-downloader.c b/uemis-downloader.c
index 91eae3145..9b54b0f3c 100644
--- a/uemis-downloader.c
+++ b/uemis-downloader.c
@@ -145,7 +145,7 @@ static struct dive *uemis_start_dive(uint32_t deviceid)
/* send text to the importer progress bar */
static void uemis_info(const char *fmt, ...)
{
- static char buffer[40];
+ static char buffer[256];
va_list ap;
va_start(ap, fmt);
@@ -544,7 +544,7 @@ static void parse_divespot(char *buf)
char *bp = buf + 1;
char *tp = next_token(&bp);
char *tag, *type, *val;
- char locationstring[255] = "";
+ char locationstring[1024] = "";
int divespot, len;
double latitude, longitude;