From 01291929582ac573d7efd7fba3dbe061c9d70f9a Mon Sep 17 00:00:00 2001 From: Dirk Hohndel Date: Sun, 3 Mar 2013 17:53:43 -0800 Subject: Try to capture some more potential buffer overflows caused by localization A couple of these could clearly cause a crash just like the one fixed by commit 00865f5a1e1a ("equipment.c: Fix potential buffer overflow in size_data_funct()"). One would append user input to fixed length buffer without checking. We were hardcoding the (correct) max path length in macos.c - replaced by the actual OS constant. But the vast majority are just extremely generous guesses how long localized strings could possibly be. Yes, this commit is likely leaning towards overkill. But we have now been bitten by buffer overflow crashes twice that were caused by localization, so I tried to go through all of the code and identify every possible buffer that could be affected by this. Signed-off-by: Dirk Hohndel --- dive.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'dive.c') diff --git a/dive.c b/dive.c index 3e2d8dd5e..1b4c78306 100644 --- a/dive.c +++ b/dive.c @@ -354,7 +354,7 @@ static void match_standard_cylinder(cylinder_type_t *type) double cuft; int psi, len; const char *fmt; - char buffer[20], *p; + char buffer[40], *p; /* Do we already have a cylinder description? */ if (type->description) -- cgit v1.2.3-70-g09d2