diff options
author | Stefan Schmidt <s.schmidt@samsung.com> | 2014-05-16 13:52:26 +0200 |
---|---|---|
committer | Stefan Schmidt <s.schmidt@samsung.com> | 2014-05-16 13:52:26 +0200 |
commit | 6924e3010cbf60bcd7b999fe10bb8364e49297b7 (patch) | |
tree | a8c736ac0ed3e458d1843cd9a9799c0a0a350b24 | |
parent | ddc09dd04ec56facc494760a381dc5a429d8c699 (diff) | |
download | efl-6924e3010cbf60bcd7b999fe10bb8364e49297b7.tar.gz |
ecore_imf: Avoid potential buffer overrun
We can't just blindly copy the full string into a 128 byte buffer. Adding
some check here to actually stay below the buffer limit or return.
CID 1193233
-rw-r--r-- | src/modules/ecore_imf/scim/scim_imcontext.cpp | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/modules/ecore_imf/scim/scim_imcontext.cpp b/src/modules/ecore_imf/scim/scim_imcontext.cpp index 91589672c4..94ee9cf470 100644 --- a/src/modules/ecore_imf/scim/scim_imcontext.cpp +++ b/src/modules/ecore_imf/scim/scim_imcontext.cpp @@ -372,6 +372,7 @@ feed_key_event(Evas *evas, const char *str, Eina_Bool fake) } else { + if (strlen(str) + 1 > 128) return; strncpy(key_string, str, strlen(str)); evas_event_feed_key_down(evas, key_string, key_string, NULL, NULL, timestamp, NULL); SCIM_DEBUG_FRONTEND(1) << " evas_event_feed_key_down()...\n"; |