summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat (limited to 'app-admin/conky/files/conky-1.3.4-arraybounds.patch')
-rw-r--r--app-admin/conky/files/conky-1.3.4-arraybounds.patch68
1 files changed, 68 insertions, 0 deletions
diff --git a/app-admin/conky/files/conky-1.3.4-arraybounds.patch b/app-admin/conky/files/conky-1.3.4-arraybounds.patch
new file mode 100644
index 000000000000..954f900d191b
--- /dev/null
+++ b/app-admin/conky/files/conky-1.3.4-arraybounds.patch
@@ -0,0 +1,68 @@
+--- src/conky.h.old 2005-11-30 01:08:25.000000000 -0500
++++ src/conky.h 2005-11-29 12:35:21.000000000 -0500
+@@ -3,7 +3,7 @@
+ *
+ * This program is licensed under BSD license, read COPYING
+ *
+- * $Id: conky-1.3.4-arraybounds.patch,v 1.1 2005/12/11 03:36:33 dragonheart Exp $
++ * $Id: conky-1.3.4-arraybounds.patch,v 1.1 2005/12/11 03:36:33 dragonheart Exp $
+ */
+
+ #ifndef _conky_h_
+@@ -55,6 +55,9 @@
+ #define CRIT_ERR(s, varargs...) \
+ { fprintf(stderr, "Conky: " s "\n", ##varargs); exit(EXIT_FAILURE); }
+
++#define MIN(a,b) (a>b ? b : a)
++#define MAX(a,b) (a<b ? b : a)
++
+ struct i8k_struct {
+ char *version;
+ char *bios;
+
+--- src/conky.c.old 2005-11-30 01:08:26.000000000 -0500
++++ src/conky.c 2005-11-30 00:52:18.000000000 -0500
+@@ -3,7 +3,7 @@
+ *
+ * This program is licensed under BSD license, read COPYING
+ *
+- * $Id: conky-1.3.4-arraybounds.patch,v 1.1 2005/12/11 03:36:33 dragonheart Exp $
++ * $Id: conky-1.3.4-arraybounds.patch,v 1.1 2005/12/11 03:36:33 dragonheart Exp $
+ */
+
+ #include "conky.h"
+@@ -3462,7 +3462,9 @@
+ printf("%s\n", s);
+ }
+ /* daemon_run(s); the daemon can be called here, but we need to have a buffer in daemon_run() and we need to tell it when everything is ready to be sent */
+- strcpy(tmpstring1, s);
++ memset(tmpstring1,0,TEXT_BUFFER_SIZE);
++ memset(tmpstring2,0,TEXT_BUFFER_SIZE);
++ strncpy(tmpstring1, s, TEXT_BUFFER_SIZE-1);
+ pos = 0;
+ added = 0;
+ char space[2];
+@@ -3483,13 +3485,21 @@
+ for (i2 = 0;
+ i2 < (8 - (1 + pos) % 8) && added <= max;
+ i2++) {
+- tmpstring2[pos + i2] = ' ';
++ /*
++ if ( pos + i2 > TEXT_BUFFER_SIZE-1 )
++ fprintf(stderr,"buffer overrun detected\n");
++ */
++ tmpstring2[ MIN(pos + i2, TEXT_BUFFER_SIZE-1) ] = ' '; /* guard against overrun */
+ added++;
+ }
+ pos += i2;
+ } else {
+ if (tmpstring1[i] != 9) {
+- tmpstring2[pos] = tmpstring1[i];
++ /*
++ if ( pos > TEXT_BUFFER_SIZE-1 )
++ fprintf(stderr,"buffer overrun detected\n");
++ */
++ tmpstring2[ MIN(pos, TEXT_BUFFER_SIZE-1) ] = tmpstring1[i]; /* guard against overrun */
+ pos++;
+ }
+ }