changeset 25845:151004519917

Make sure we call atoi on a NUL-terminated string. It isn't safe to call on a pointer to a single char. This came out of the veracode analysis.
author Daniel Atallah <daniel.atallah@gmail.com>
date Sat, 02 May 2009 19:50:13 +0000
parents 5e6999b6b5e4
children c7ec8f3b39d3
files libpurple/protocols/qq/utils.c
diffstat 1 files changed, 8 insertions(+), 3 deletions(-) [+]
line wrap: on
line diff
--- a/libpurple/protocols/qq/utils.c	Sat May 02 19:39:45 2009 +0000
+++ b/libpurple/protocols/qq/utils.c	Sat May 02 19:50:13 2009 +0000
@@ -222,7 +222,8 @@
  * The return should be freed later. */
 guint8 *hex_str_to_bytes(const gchar *const buffer, gint *out_len)
 {
-	gchar *hex_str, *hex_buffer, *cursor, tmp;
+	gchar *hex_str, *hex_buffer, *cursor;
+	gchar tmp[2];
 	guint8 *bytes, nibble1, nibble2;
 	gint index;
 
@@ -242,7 +243,9 @@
 	index = 0;
 	for (cursor = hex_str; cursor < hex_str + sizeof(gchar) * (strlen(hex_str)) - 1; cursor++) {
 		if (g_ascii_isdigit(*cursor)) {
-			tmp = *cursor; nibble1 = atoi(&tmp);
+			tmp[0] = *cursor;
+			tmp[1] = '\0';
+			nibble1 = atoi(tmp);
 		} else if (g_ascii_isalpha(*cursor) && (gint) *cursor - 87 < 16) {
 			nibble1 = (gint) *cursor - 87;
 		} else {
@@ -254,7 +257,9 @@
 		nibble1 = nibble1 << 4;
 		cursor++;
 		if (g_ascii_isdigit(*cursor)) {
-			tmp = *cursor; nibble2 = atoi(&tmp);
+			tmp[0] = *cursor;
+			tmp[1] = '\0';
+			nibble2 = atoi(tmp);
 		} else if (g_ascii_isalpha(*cursor) && (gint) (*cursor - 87) < 16) {
 			nibble2 = (gint) *cursor - 87;
 		} else {