From ac60d0ae037096859cf452d074e9bd345974c786 Mon Sep 17 00:00:00 2001 From: Richard Hughes Date: Mon, 20 Jun 2011 16:41:28 +0000 Subject: color: Fix a potential buffer-overflow when converting to wide text Thanks to fortify protection, g-s-d fails to build for some distros. Copy the fix from Colin that went into colord a few days ago. --- diff --git a/plugins/color/gsd-color-manager.c b/plugins/color/gsd-color-manager.c index 0b1c882..0391175 100644 --- a/plugins/color/gsd-color-manager.c +++ b/plugins/color/gsd-color-manager.c @@ -87,10 +87,10 @@ typedef struct { GQuark gsd_color_manager_error_quark (void) { - static GQuark quark = 0; - if (!quark) - quark = g_quark_from_static_string ("gsd_color_manager_error"); - return quark; + static GQuark quark = 0; + if (!quark) + quark = g_quark_from_static_string ("gsd_color_manager_error"); + return quark; } static GcmEdid * @@ -492,17 +492,46 @@ out: } #ifdef HAVE_NEW_LCMS +static wchar_t * +utf8_to_wchar_t (const char *src) +{ + gsize len; + gsize converted; + wchar_t *buf = NULL; + + len = mbstowcs (NULL, src, 0); + if (len < 0) { + g_warning ("Invalid UTF-8 in string %s", src); + goto out; + } + len += 1; + buf = g_malloc (sizeof (wchar_t) * len); + converted = mbstowcs (buf, src, len - 1); + g_assert (converted != -1); + buf[converted] = '\0'; +out: + return buf; +} + static cmsBool _cmsDictAddEntryAscii (cmsHANDLE dict, const gchar *key, const gchar *value) { - cmsBool ret; - wchar_t mb_key[1024]; - wchar_t mb_value[1024]; - mbstowcs (mb_key, key, sizeof (mb_key)); - mbstowcs (mb_value, value, sizeof (mb_value)); + cmsBool ret = FALSE; + wchar_t *mb_key = NULL; + wchar_t *mb_value = NULL; + + mb_key = utf8_to_wchar_t (key); + if (mb_key == NULL) + goto out; + mb_value = utf8_to_wchar_t (value); + if (mb_value == NULL) + goto out; ret = cmsDictAddEntry (dict, mb_key, mb_value, NULL, NULL); +out: + g_free (mb_key); + g_free (mb_value); return ret; } #endif /* HAVE_NEW_LCMS */ -- cgit v0.9