aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--ChangeLog4
-rw-r--r--frame.c10
2 files changed, 11 insertions, 3 deletions
diff --git a/ChangeLog b/ChangeLog
index cad3736..b8ca67c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2001-11-20 Kiyokazu SUTO <suto@ks-and-ks.ne.jp>
+
+ * frame.c (newFrameSet): fix possible buffer overrun
+
2001-11-20 Fumitoshi UKAI <ukai@debian.or.jp>
* XXMakefile config.h: removed from CVS
diff --git a/frame.c b/frame.c
index 9068325..5850f7f 100644
--- a/frame.c
+++ b/frame.c
@@ -1,4 +1,4 @@
-/* $Id: frame.c,v 1.4 2001/11/16 22:02:00 ukai Exp $ */
+/* $Id: frame.c,v 1.5 2001/11/20 13:17:13 ukai Exp $ */
#include "fm.h"
#include "parsetagx.h"
#include "myctype.h"
@@ -38,8 +38,10 @@ newFrameSet(struct parsed_tag *tag)
if (cols) {
length[i] = p = cols;
while (*p != '\0')
- if (*p++ == ',')
+ if (*p++ == ',') {
length[++i] = p;
+ if (i >= sizeof(length) / sizeof(length[0]) - 2) break;
+ }
length[++i] = p + 1;
}
if (i > 1) {
@@ -74,8 +76,10 @@ newFrameSet(struct parsed_tag *tag)
if (rows) {
length[i] = p = rows;
while (*p != '\0')
- if (*p++ == ',')
+ if (*p++ == ',') {
length[++i] = p;
+ if (i >= sizeof(length) / sizeof(length[0]) - 2) break;
+ }
length[++i] = p + 1;
}
if (i > 1) {