1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
|
From 80f95dfaeb92c44e49e51b8a69e301ea879b846b Mon Sep 17 00:00:00 2001
From: Hans Breuer <hans@breuer.org>
Date: Thu, 3 Oct 2013 20:04:37 +0200
Subject: [PATCH 24/24] Bug 709017 [warningectomy] array subscript is above
array bounds
Get rid of the temporary array for font name, loose the limitation
of maximum font name length and spare a string copy.
---
lib/dia_svg.c | 82 ++++++++++++++++-------------------------------------------
1 file changed, 22 insertions(+), 60 deletions(-)
diff --git a/lib/dia_svg.c b/lib/dia_svg.c
index eea21b2..4eec0d0 100644
--- a/lib/dia_svg.c
+++ b/lib/dia_svg.c
@@ -127,11 +127,6 @@ _parse_color(gint32 *color, const char *str)
return TRUE;
}
-enum
-{
- FONT_NAME_LENGTH_MAX = 40
-};
-
/** This function not only parses the style attribute of the given node
* it also extracts some of the style properties directly.
* @param node An XML node to parse a style from.
@@ -144,9 +139,7 @@ void
dia_svg_parse_style(xmlNodePtr node, DiaSvgStyle *s, real user_scale)
{
xmlChar *str;
- gchar temp[FONT_NAME_LENGTH_MAX+1]; /* font-family names will be limited to 40 characters */
int i = 0;
- gboolean over = FALSE;
char *family = NULL, *style = NULL, *weight = NULL;
str = xmlGetProp(node, (const xmlChar *)"style");
@@ -161,68 +154,37 @@ dia_svg_parse_style(xmlNodePtr node, DiaSvgStyle *s, real user_scale)
if (!strncmp("font-family:", ptr, 12)) {
ptr += 12;
while ((ptr[0] != '\0') && g_ascii_isspace(ptr[0])) ptr++;
- i = 0; over = FALSE;
- while (ptr[0] != '\0' && ptr[0] != ';' && !over) {
- if (i < FONT_NAME_LENGTH_MAX) {
- temp[i] = ptr[0];
- } else over = TRUE;
- i++;
- ptr++;
- }
- temp[i] = '\0';
-
- if (!over) {
- if (strcmp (temp, "sanserif") == 0 || strcmp (temp, "sans-serif") == 0)
- family = g_strdup ("sans"); /* special name adaption */
- else
- family = g_strdup(temp);
- }
+ i = 0;
+ while (ptr[i] != '\0' && ptr[i] != ';') ++i;
+ /* with i==0 we fall back to 'sans' too */
+ if (strncmp (ptr, "sanserif", i) == 0 || strncmp (ptr, "sans-serif", i) == 0)
+ family = g_strdup ("sans"); /* special name adaption */
+ else
+ family = i > 0 ? g_strndup(ptr, i) : NULL;
+ ptr += i;
} else if (!strncmp("font-weight:", ptr, 12)) {
ptr += 12;
while ((ptr[0] != '\0') && g_ascii_isspace(ptr[0])) ptr++;
- i = 0; over = FALSE;
- while (ptr[0] != '\0' && ptr[0] != ';' && !over) {
- if (i < FONT_NAME_LENGTH_MAX) {
- temp[i] = ptr[0];
- } else over = TRUE;
- i++;
- ptr++;
- }
- temp[i] = '\0';
-
- if (!over) weight = g_strdup(temp);
+ i = 0;
+ while (ptr[i] != '\0' && ptr[i] != ';') ++i;
+ weight = i > 0 ? g_strndup (ptr, i) : NULL;
+ ptr += i;
} else if (!strncmp("font-style:", ptr, 11)) {
ptr += 11;
while ((ptr[0] != '\0') && g_ascii_isspace(ptr[0])) ptr++;
- i = 0; over = FALSE;
- while (ptr[0] != '\0' && ptr[0] != ';' && !over) {
- if (i < FONT_NAME_LENGTH_MAX) {
- temp[i] = ptr[0];
- } else over = TRUE;
- i++;
- ptr++;
- }
- temp[i] = '\0';
-
- if (!over) style = g_strdup(temp);
+ i = 0;
+ while (ptr[i] != '\0' && ptr[i] != ';') ++i;
+ style = i > 0 ? g_strndup(ptr, i) : NULL;
+ ptr += i;
} else if (!strncmp("font-size:", ptr, 10)) {
ptr += 10;
while ((ptr[0] != '\0') && g_ascii_isspace(ptr[0])) ptr++;
- i = 0; over = FALSE;
- while (ptr[0] != '\0' && ptr[0] != ';' && !over) {
- if (i < FONT_NAME_LENGTH_MAX) {
- temp[i] = ptr[0];
- } else over = TRUE;
- i++;
- ptr++;
- }
- temp[i] = '\0';
-
- if (!over) {
- s->font_height = g_ascii_strtod(temp, NULL);
- if (user_scale > 0)
- s->font_height /= user_scale;
- }
+ i = 0;
+ while (ptr[i] != '\0' && ptr[i] != ';') ++i;
+ s->font_height = g_ascii_strtod(ptr, NULL);
+ ptr += i;
+ if (user_scale > 0)
+ s->font_height /= user_scale;
} else if (!strncmp("text-anchor:", ptr, 12)) {
ptr += 12;
while ((ptr[0] != '\0') && g_ascii_isspace(ptr[0])) ptr++;
--
1.8.4.4
|