From: Dr. Werner Fink <werner@suse.de>
Subject: Fix stack-based buffer overflow by processing certain FIG images.
Closes: 606257: CVE-2010-4262: Buffer overflow
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=659676
Bug-Debian: http://bugs.debian.org/606257
--- a/w_msgpanel.c
+++ b/w_msgpanel.c
@@ -60,7 +60,7 @@
/* for the popup message (file_msg) window */
static int file_msg_length=0;
-static char tmpstr[300];
+static char tmpstr[512];
static Widget file_msg_panel,
file_msg_win, file_msg_dismiss;
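Review bot: Growing `tmpstr` from 300 to 512 bytes only moves the limit; the bound that actually stops the overflow is the `vsnprintf` call in the hunk at line 582. `tmpstr` is a file-scope static, so any other function in w_msgpanel.c that formats into it (none is visible in this patch) would need the same bounded call. It is worth checking the file for remaining `sprintf`/`vsprintf`/`strcat` writes into this buffer. A comment on the declaration such as `/* scratch buffer for formatted messages; every write must be bounded by sizeof(tmpstr) */` would record that contract.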
@@ -582,8 +582,8 @@
}
va_start(ap, format);
- /* format the string */
- vsprintf(tmpstr, format, ap);
+ /* format the string (but leave room for \n and \0) */
+ vsnprintf(tmpstr, sizeof(tmpstr)-2, format, ap);
va_end(ap);
strcat(tmpstr,"\n");
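Review bot: The return value of `vsnprintf` is discarded, so an over-long message is truncated silently, and a negative return (output error) leaves `tmpstr` in an unspecified state before `strcat` appends to it. Capturing it, e.g. `n = vsnprintf(tmpstr, sizeof(tmpstr)-2, format, ap);` followed by `if (n < 0) tmpstr[0] = '\0';`, keeps the following `strcat` well-defined, and `n >= (int)sizeof(tmpstr)-2` tells you when truncation happened so it can be logged or marked. The size argument of `vsnprintf` already counts the terminating NUL, so `-2` reserves one byte more than the `\n` needs; that is harmless, but the comment could say so. The enclosing function starts and ends outside the hunk, so where `n` would be declared and how `tmpstr` is used afterwards are not visible here.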