Diffstat (limited to 'src/WrFFrI.c')
-rw-r--r--src/WrFFrI.c36
1 files changed, 26 insertions, 10 deletions
diff --git a/src/WrFFrI.c b/src/WrFFrI.c
index 5ef5814..e5c9b4b 100644
--- a/src/WrFFrI.c
+++ b/src/WrFFrI.c
@@ -38,6 +38,8 @@
* Lorens Younes (d93-hyo@nada.kth.se) 4/96
*/
+/* October 2004, source code review by Thomas Biege <thomas@suse.de> */
+
#include "XpmI.h"
#if !defined(NO_ZPIPE) && defined(WIN32)
# define popen _popen
@@ -98,7 +100,7 @@ XpmWriteFileFromXpmImage(filename, image, info)
XpmInfo *info;
{
xpmData mdata;
- char *name, *dot, *s, new_name[BUFSIZ];
+ char *name, *dot, *s, new_name[BUFSIZ] = {0};
int ErrorStatus;
/* open file to write */
@@ -121,7 +123,8 @@ XpmWriteFileFromXpmImage(filename, image, info)
#endif
/* let's try to make a valid C syntax name */
if (index(name, '.')) {
- strcpy(new_name, name);
+ strncpy(new_name, name, sizeof(new_name));
+ new_name[sizeof(new_name)-1] = 0;
/* change '.' to '_' */
name = s = new_name;
while ((dot = index(s, '.'))) {
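Review bot: The bounded copy now truncates an over-long name silently, and the same two-line strncpy/terminator idiom is repeated in the next hunk (the `'-'` branch). A single `snprintf(new_name, sizeof(new_name), "%s", name);` always terminates, avoids zero-padding the whole BUFSIZ buffer, and its return value tells you whether truncation happened. With an explicit terminator after each copy, the `= {0}` initializer added in the declaration hunk is redundant. If truncation is acceptable because the name is only used as the C identifier in the output, a short comment saying so would help; the function body starts and ends outside this hunk.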
@@ -131,7 +134,8 @@ XpmWriteFileFromXpmImage(filename, image, info)
}
if (index(name, '-')) {
if (name != new_name) {
- strcpy(new_name, name);
+ strncpy(new_name, name, sizeof(new_name));
+ new_name[sizeof(new_name)-1] = 0;
name = new_name;
}
/* change '-' to '_' */
@@ -248,7 +252,7 @@ WritePixels(file, width, height, cpp, pixels, colors)
unsigned int x, y, h;
h = height - 1;
- if (cpp != 0 && width >= (SIZE_MAX - 3)/cpp)
+ if (cpp != 0 && width >= (UINT_MAX - 3)/cpp)
return XpmNoMemory;
p = buf = (char *) XpmMalloc(width * cpp + 3);
if (!buf)
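Review bot: UINT_MAX is defined in `<limits.h>`, and the only include visible in this diff is "XpmI.h", so confirm that header pulls it in or add the include. The switch from SIZE_MAX looks right, since `width` and `cpp` appear to be unsigned int and `width * cpp + 3` is then evaluated in unsigned int before it reaches XpmMalloc. It is worth recording that reasoning at the check, for example `/* width * cpp + 3 is computed in unsigned int: bound it by UINT_MAX, not SIZE_MAX */`. WritePixels starts and ends outside the hunk.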
@@ -300,6 +304,11 @@ WriteExtensions(file, ext, num)
/*
* open the given file to be written as an xpmData which is returned
*/
+#ifndef NO_ZPIPE
+ FILE *s_popen(char *cmd, const char *type);
+#else
+# define s_popen popen
+#endif
static int
OpenWriteFile(filename, mdata)
char *filename;
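Review bot: The s_popen prototype is inserted between the "open the given file to be written" comment and OpenWriteFile, so that comment now reads as documentation for the prototype; the block should move above the comment. The declaration has external linkage and no definition in this file, so it is better placed in a shared header such as the already included XpmI.h, where the definition can be checked against it. `cmd` could also be `const char *`. The `#else` define looks unused, since the s_popen calls in this diff all sit inside `#ifndef NO_ZPIPE`.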
@@ -315,16 +324,23 @@ OpenWriteFile(filename, mdata)
mdata->type = XPMFILE;
} else {
#ifndef NO_ZPIPE
- int len = strlen(filename);
+ size_t len = strlen(filename);
+
+ if(len == 0 ||
+ filename[0] == '/' ||
+ strstr(filename, "../") != NULL ||
+ filename[len-1] == '/')
+ return(XpmOpenFailed);
+
if (len > 2 && !strcmp(".Z", filename + (len - 2))) {
- sprintf(buf, "compress > \"%s\"", filename);
- if (!(mdata->stream.file = popen(buf, "w")))
+ snprintf(buf, sizeof(buf), "compress > \"%s\"", filename);
+ if (!(mdata->stream.file = s_popen(buf, "w")))
return (XpmOpenFailed);
mdata->type = XPMPIPE;
} else if (len > 3 && !strcmp(".gz", filename + (len - 3))) {
- sprintf(buf, "gzip -q > \"%s\"", filename);
- if (!(mdata->stream.file = popen(buf, "w")))
+ snprintf(buf, sizeof(buf), "gzip -q > \"%s\"", filename);
+ if (!(mdata->stream.file = s_popen(buf, "w")))
return (XpmOpenFailed);
mdata->type = XPMPIPE;
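Review bot: The file name is still pasted into a command line between double quotes, and the new checks (empty name, leading `/`, `../`, trailing `/`) constrain the path but not characters that a shell treats specially inside double quotes. s_popen is defined outside this file, so whether it invokes a shell cannot be confirmed here; if it does, a safer shape is to open the output file in this process and give it to compress/gzip as stdout with an explicit argument vector, so the name is never parsed as a command. The snprintf result is also unused, so an over-long name yields a truncated command; `if (snprintf(buf, sizeof(buf), "gzip -q > \"%s\"", filename) >= (int) sizeof(buf)) return (XpmOpenFailed);` would reject it, and the same applies to the compress branch. The path checks sit ahead of the suffix tests, so they appear to apply to uncompressed names as well (that branch is outside the hunk), which would refuse every absolute path a caller passes.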
@@ -355,7 +371,7 @@ xpmDataClose(mdata)
break;
#ifndef NO_ZPIPE
case XPMPIPE:
- pclose(mdata->stream.file);
+ fclose(mdata->stream.file);
break;
#endif
}
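Review bot: Replacing pclose() with fclose() means nothing visible here waits for the compress/gzip child, so xpmDataClose can return before the compressed file is complete, and the child's exit status is never collected. That is only sound if s_popen, which is defined outside this file, takes care of reaping the child itself; a comment stating this would help, e.g. `/* stream comes from s_popen(), not popen(): closed with fclose() */`. The fclose() return value is also ignored, so a failed flush into the pipe goes unreported. The function body starts outside the hunk.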