Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 6 Feb 2022 15:26:00 GMT
From:      Dimitry Andric <dim@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject:   git: e17fede8ff46 - main - Fix too small sscanf output buffers in kbdmap
Message-ID:  <202202061526.216FQ0uH082668@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
The branch main has been updated by dim:

URL: https://cgit.FreeBSD.org/src/commit/?id=e17fede8ff4629b5ff640ed660940b04c70da0b6

commit e17fede8ff4629b5ff640ed660940b04c70da0b6
Author:     Dimitry Andric <dim@FreeBSD.org>
AuthorDate: 2022-02-06 15:25:11 +0000
Commit:     Dimitry Andric <dim@FreeBSD.org>
CommitDate: 2022-02-06 15:25:25 +0000

    Fix too small sscanf output buffers in kbdmap
    
    This fixes the following warnings from clang 14:
    
    usr.sbin/kbdmap/kbdmap.c:241:16: error: 'sscanf' may overflow; destination buffer in argument 5 has size 20, but the corresponding specifier may require size 21 [-Werror,-Wfortify-source]
                                &a, &b, buf);
                                        ^
    usr.sbin/kbdmap/kbdmap.c:615:8: error: 'sscanf' may overflow; destination buffer in argument 3 has size 64, but the corresponding specifier may require size 65 [-Werror,-Wfortify-source]
                                keym, lng, desc);
                                ^
    usr.sbin/kbdmap/kbdmap.c:615:14: error: 'sscanf' may overflow; destination buffer in argument 4 has size 64, but the corresponding specifier may require size 65 [-Werror,-Wfortify-source]
                                keym, lng, desc);
                                      ^
    usr.sbin/kbdmap/kbdmap.c:615:19: error: 'sscanf' may overflow; destination buffer in argument 5 has size 256, but the corresponding specifier may require size 257 [-Werror,-Wfortify-source]
                                keym, lng, desc);
                                           ^
    
    In each case, the buffer being sscanf'd into is one byte too small.
    
    MFC after:       3 days
---
 usr.sbin/kbdmap/kbdmap.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/usr.sbin/kbdmap/kbdmap.c b/usr.sbin/kbdmap/kbdmap.c
index a11956b682ee..0702c1e66e94 100644
--- a/usr.sbin/kbdmap/kbdmap.c
+++ b/usr.sbin/kbdmap/kbdmap.c
@@ -225,7 +225,7 @@ get_extension(const char *name)
 static char *
 get_font(void)
 {
-	char line[256], buf[20];
+	char line[256], buf[21];
 	char *fnt = NULL;
 
 	FILE *fp = fopen(sysconfig, "r");
@@ -566,7 +566,7 @@ menu_read(void)
 	char *p;
 	int mark, num_keymaps, items, i;
 	char buffer[256], filename[PATH_MAX];
-	char keym[64], lng[64], desc[256];
+	char keym[65], lng[65], desc[257];
 	char dialect[64], lang_abk[64];
 	struct keymap *km;
 	struct keymap **km_sorted;

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202202061526.216FQ0uH082668>