Merge branch 'fix-Wstringop-overflow'

2023-10-19 17:58:31 +02:00 · 2021-02-06 12:55:42 +01:00 · 2021-02-06 12:55:42 +01:00 · 764f657620
commit 764f657620
parent dd30dacb5b 4bebeda1b0
2 changed files with 20 additions and 17 deletions
--- a/coreengine/complextypes.c
+++ b/coreengine/complextypes.c
@ -726,15 +726,15 @@ bool cNumericExpr::IsNumericExpression(const char *e) {
 }

 bool cNumericExpr::PercentValue(const char *e) {
+    if (!e)
+        return e;
    const char *hit = strchr(e, '%');
    if (!hit)
        return false;
-    char buffer[20] = "";
-    if (strlen(e) > 20)
-        return false;
-    strncpy(buffer, e, strlen(e)-1);
-    buffer[strlen(e)-1] = '\0';
-    int val = atoi(buffer);
+    int val;
+    int r = sscanf(e, "%d%%", &val); // use sscanf to retrieve %-value to avoid -Wstringop-overflow
+    if (r != 1)
+        return false; // sscanf parsing problem
    bool ok = false;
    if (horizontal && container->Width() > 0) {
        value = container->Width() * val / 100;
@ -747,22 +747,22 @@ bool cNumericExpr::PercentValue(const char *e) {
 }

 char *cNumericExpr::ReplacePercentValue(char *e) {
+    if (!e)
+        return e;
    const char *hit = strchr(e, '%');
    if (!hit)
        return e;
-    char buffer[20] = "";
-    if (strlen(e) > 20)
-        return e;
-    strncpy(buffer, e, strlen(e)-1);
-    buffer[strlen(e)-1] = '\0';
-    int val = atoi(buffer);
+    int val;
+    int r = sscanf(e, "%d%%", &val); // use sscanf to retrieve %-value to avoid -Wstringop-overflow
+    if (r != 1)
+        return e; // sscanf parsing problem
    double percentVal = (double)val/100.0f;

    char replacement[50] = "";
    if (horizontal) {
-        sprintf(replacement, "%.5f*{areawidth}", percentVal);
+        snprintf(replacement, sizeof(replacement), "%.5f*{areawidth}", percentVal);
    } else {
-        sprintf(replacement, "%.5f*{areaheight}", percentVal);
+        snprintf(replacement, sizeof(replacement), "%.5f*{areaheight}", percentVal);
    }

    int len = strlen(replacement) + 1;
@ -774,16 +774,19 @@ char *cNumericExpr::ReplacePercentValue(char *e) {
 }

 char *cNumericExpr::ReplaceToken(char *e, const char* token, int val) {
+    if (!e)
+        return e;
    char *tokenStart = strstr(e, token);
    if (!tokenStart) {
        return e;
    }
    char buffer[20] = "";
-    sprintf(buffer, "%d", val);
+    snprintf(buffer, sizeof(buffer), "%d", val);
    size_t newSize = strlen(e) - strlen(token) + strlen(buffer) + 1;
    char *replaced = (char*)malloc(newSize);
    memset(replaced, 0, newSize);
    size_t beginning = strlen(e) - strlen(tokenStart);
+    if (beginning >= newSize) beginning = newSize - 1; // will never happen but avoid -Wstringop-overflow
    if (beginning > 0)
        strncpy(replaced, e, beginning);
    strcat(replaced, buffer);
--- a/extensions/imageloader.c
+++ b/extensions/imageloader.c
@ -178,14 +178,14 @@ cImageImporterSVG::cImageImporterSVG() {

 cImageImporterSVG::~cImageImporterSVG() {
    if (handle) {
-        rsvg_handle_close(handle, NULL); // deprecated since version 2.46
+        rsvg_handle_close(handle, NULL); // TODO: deprecated since version 2.46
        g_object_unref(handle);
    }
 }

 bool cImageImporterSVG::LoadImage(const char *path) {
    if (handle) {
-        rsvg_handle_close(handle, NULL); // deprecated since version 2.46
+        rsvg_handle_close(handle, NULL); // TODO: deprecated since version 2.46
        g_object_unref(handle);
    }