
gEDA-cvs: pcb.git: branch: master updated (ead902434b80f733b10248e35e12a5906e0a392a)



The branch, master has been updated
       via  ead902434b80f733b10248e35e12a5906e0a392a (commit)
      from  cc26ae14e53d370b9e08d3950949d7ce7811ba6e (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.


=========
 Summary
=========

 src/hid/gtk/gui-top-window.c |   34 ++++++++++++++++++++++++++++------
 1 files changed, 28 insertions(+), 6 deletions(-)


=================
 Commit Messages
=================

commit ead902434b80f733b10248e35e12a5906e0a392a
Author: Patrick Bernaud <b-patrick@xxxxxxxxxx>
Commit: Peter Clifton <pcjc2@xxxxxxxxx>

    hid/gtk: Fix strncat length when building accelerator string. (CODE!)
    
    (Oops, I pushed an empty patch last time - Peter Clifton)
    
    Commit d6b396c4a34bb619c8e91da1e9cd9bd27ff54657 was not enough:
    strncat() must be given the remaining length of buffer to ensure it
    does not overflow. Plus it now emits a message in the unlikely case
    of a too small buffer for an accelerator.

:100644 100644 69e1909... c6a2e58... M	src/hid/gtk/gui-top-window.c

=========
 Changes
=========

commit ead902434b80f733b10248e35e12a5906e0a392a
Author: Patrick Bernaud <b-patrick@xxxxxxxxxx>
Commit: Peter Clifton <pcjc2@xxxxxxxxx>

    hid/gtk: Fix strncat length when building accelerator string. (CODE!)
    
    (Oops, I pushed an empty patch last time - Peter Clifton)
    
    Commit d6b396c4a34bb619c8e91da1e9cd9bd27ff54657 was not enough:
    strncat() must be given the remaining length of buffer to ensure it
    does not overflow. Plus it now emits a message in the unlikely case
    of a too small buffer for an accelerator.

diff --git a/src/hid/gtk/gui-top-window.c b/src/hid/gtk/gui-top-window.c
index 69e1909..c6a2e58 100644
--- a/src/hid/gtk/gui-top-window.c
+++ b/src/hid/gtk/gui-top-window.c
@@ -3110,6 +3110,7 @@ add_resource_to_menu (char * menu, Resource * node, void * callback, int indent)
   Resource *r;
   char tmps[32];
   char accel[64];
+  int accel_n;
   char *menulabel = NULL;
   char ch[2];
   char m = '\0';
@@ -3127,6 +3128,8 @@ add_resource_to_menu (char * menu, Resource * node, void * callback, int indent)
 
       case 1:			/* unnamed subres */
 	accel[0] = '\0';
+	/* remaining number of chars available in accel (- 1 for '\0')*/
+	accel_n = sizeof (accel) - 1;
 	/* This is a menu choice.  The first value in the unnamed
 	 * subres is what the menu choice gets called.
 	 *
@@ -3198,17 +3201,20 @@ add_resource_to_menu (char * menu, Resource * node, void * callback, int indent)
 		      }
 		    else if (strncmp (p, "Ctrl", 4) == 0)
 		      {
-			strncat (accel, "<control>", sizeof (accel) - 1);
+			strncat (accel, "<control>", accel_n);
+			accel_n -= strlen ("<control>");
 			p += 4;
 		      }
 		    else if (strncmp (p, "Shift", 5) == 0)
 		      {
-			strncat (accel, "<shift>", sizeof (accel) - 1);
+			strncat (accel, "<shift>", accel_n);
+			accel_n -= strlen ("<shift>");
 			p += 5;
 		      }
 		    else if (strncmp (p, "Alt", 3) == 0)
 		      {
-			strncat (accel, "<alt>", sizeof (accel) - 1);
+			strncat (accel, "<alt>", accel_n);
+			accel_n -= strlen ("<alt>");
 			p += 3;
 		      }
 		    else
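Review bot: `accel_n` is a signed `int` passed as the third argument of `strncat`, which takes a `size_t`, so the bound is only safe while the `accel_n < 0` check added at the end of the loop body runs before the next append; a negative value reaching `strncat` would convert to a very large limit. The paths visible in this diff do one append per iteration, but the loop and switch start outside the hunk, so that cannot be confirmed from here. `G_UNLIKELY` in the last hunk suggests GLib is available, in which case the counter could be replaced by a checked append such as `if (g_strlcat (accel, "<control>", sizeof (accel)) >= sizeof (accel))`, which reports truncation directly. The same applies to the `"<shift>"` and `"<alt>"` appends here and to the `"Return"`, `key_table[j].out` and `ch` appends in the later hunks.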
@@ -3232,6 +3238,7 @@ add_resource_to_menu (char * menu, Resource * node, void * callback, int indent)
 			  }
 			/* skip processing the rest */
 			accel[0] = '\0';
+			accel_n = sizeof (accel) - 1;
 			p += strlen (p);
 		      }
 		    break;
@@ -3239,7 +3246,8 @@ add_resource_to_menu (char * menu, Resource * node, void * callback, int indent)
 		  case KEY:
 		    if (strncmp (p, "Enter", 5) == 0)
 		      {
-			strncat (accel, "Return", sizeof (accel) - 1);
+			strncat (accel, "Return", accel_n);
+			accel_n -= strlen ("Return");
 			p += 5;
 		      }
 		    else
@@ -3249,19 +3257,33 @@ add_resource_to_menu (char * menu, Resource * node, void * callback, int indent)
 			  {
 			    if ( *p == key_table[j].in)
 			      {
-				strncat (accel, key_table[j].out, sizeof (accel) - 1);
+				strncat (accel, key_table[j].out, accel_n);
+				accel_n -= strlen (key_table[j].out);
 				j = n_key_table;
 			      }
 			  }
 			
 			if (j == n_key_table)
-			  strncat (accel, ch, sizeof (accel) - 1);
+			  {
+			    strncat (accel, ch, accel_n);
+			    accel_n -= strlen (ch);
+			  }
 		    
 			p++;
 		      }
 		    break;
 
 		  }
+
+		if (G_UNLIKELY (accel_n < 0))
+		  {
+		    accel_n = 0;
+		    Message ("Accelerator \"%s\" is too long to be parsed.\n", r->v[1].value);
+		    accel[0] = '\0';
+		    accel_n = 0;
+		    /* skip processing the rest */
+		    p += strlen (p);
+		  }
 	      }
 #ifdef DEBUG_MENUS
 	    printf ("\n    translated = \"%s\"\n", accel);
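Review bot: In the added overflow branch `accel_n = 0;` is assigned twice, before and after the `Message` call, and the counter is left at 0 although the buffer has just been emptied. The other reset path in this function pairs `accel[0] = '\0';` with `accel_n = sizeof (accel) - 1;`, so the two branches disagree on what `accel_n` means after a reset; here it is harmless only because `p += strlen (p)` ends parsing. Dropping the first assignment and using `accel_n = sizeof (accel) - 1;` after clearing would keep the invariant that `accel_n` is the free space in `accel`. A comment such as `/* last strncat was truncated; discard the partial accelerator */` would also explain why a negative count signals overflow. The enclosing function continues outside the hunk.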



