Merge pull request #4086 from tacaswell/cve_patch

mdboom · mdboom · commit e600d8fc5092 · 2015-02-09T14:40:58.000-05:00
BUG : fix security bug reported via debian by Matt Giuca
diff --git a/.travis.yml b/.travis.yml
@@ -21,7 +21,7 @@ matrix:
       env: BUILD_DOCS=true
 
 install:
-  - pip install -q --use-mirrors nose python-dateutil numpy pep8 pyparsing pillow
+  - pip install -q --use-mirrors nose python-dateutil numpy pep8==1.5.7 pyparsing pillow
   - sudo apt-get update && sudo apt-get -qq install inkscape libav-tools mencoder
   # We use --no-install-recommends to avoid pulling in additional large latex docs that we don't need
   - if [[ $BUILD_DOCS == true ]]; then sudo apt-get install -qq --no-install-recommends dvipng texlive-latex-base texlive-latex-extra texlive-fonts-recommended graphviz; fi
diff --git a/src/mplutils.cpp b/src/mplutils.cpp
@@ -18,7 +18,10 @@ Printf::Printf(const char *fmt, ...)
 {
     va_list ap;
     va_start(ap, fmt);
-    vsprintf(buffer, fmt, ap);
+    vsnprintf(buffer, 1024, fmt, ap);
+    // Null-terminate the string. Non-standard C implementations (e.g.,
+    // Microsoft Visual C++) do not do this automatically.
+    buffer[1023] = '\0';
     va_end(ap);  // look ma - I rememberd it this time
 }
 

Original file line number	Diff line number	Diff line change
`@@ -18,7 +18,10 @@ Printf::Printf(const char *fmt, ...)`
`18`	`18`	`{`
`19`	`19`	`va_list ap;`
`20`	`20`	`va_start(ap, fmt);`
`21`		`- vsprintf(buffer, fmt, ap);`
	`21`	`+ vsnprintf(buffer, 1024, fmt, ap);`
	`22`	`+ // Null-terminate the string. Non-standard C implementations (e.g.,`
	`23`	`+ // Microsoft Visual C++) do not do this automatically.`
	`24`	`+ buffer[1023] = '\0';`
`22`	`25`	`va_end(ap); // look ma - I rememberd it this time`
`23`	`26`	`}`
`24`	`27`