Mercurial > pidgin

diff src/util.c @ 9804:fe268cb602cb

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
[gaim-migrate @ 10672] Fix 2 insanely rare but maybe-still-possible buffer overflows. committer: Tailor Script <tailor@pidgin.im>
author Mark Doliner <mark@kingant.net>
date Sat, 21 Aug 2004 20:11:42 +0000
parents 3e7e294f56f3
children 5206fb21e358
line wrap: on
line diff
--- a/src/util.c	Sat Aug 21 17:46:14 2004 +0000
+++ b/src/util.c	Sat Aug 21 20:11:42 2004 +0000
@@ -2616,7 +2616,7 @@
 	 * if we make sure that there is indeed a \n in our header.
 	 */
 	if (p && g_strstr_len(p, data_len - (p - data), "\n")) {
-		sscanf(p, "Content-Length: %d", (int *)&content_len);
+		sscanf(p, "Content-Length: %ud", &content_len);
 		gaim_debug_misc("parse_content_len", "parsed %d\n", content_len);
 	}
 
@@ -2828,11 +2828,18 @@
 	static char buf[BUF_LEN];
 	guint i, j = 0;
 	char *bum;
+	char hex[3];
 
 	g_return_val_if_fail(str != NULL, NULL);
 
+	/*
+	 * XXX - This check could be removed and buf could be made
+	 * dynamically allocated, but this is easier.
+	 */
+	if (strlen(str) >= BUF_LEN)
+		return NULL;
+
 	for (i = 0; i < strlen(str); i++) {
-		char hex[3];
 
 		if (str[i] != '%')
 			buf[j++] = str[i];