From 6924e3010cbf60bcd7b999fe10bb8364e49297b7 Mon Sep 17 00:00:00 2001 From: Stefan Schmidt Date: Fri, 16 May 2014 13:52:26 +0200 Subject: [PATCH] ecore_imf: Avoid potential buffer overrun We can't just blindly copy the full string into a 128 byte buffer. Adding some check here to actually stay below the buffer limit or return. CID 1193233 --- src/modules/ecore_imf/scim/scim_imcontext.cpp | 1 + 1 file changed, 1 insertion(+) diff --git a/src/modules/ecore_imf/scim/scim_imcontext.cpp b/src/modules/ecore_imf/scim/scim_imcontext.cpp index 9158967..94ee9cf 100644 --- a/src/modules/ecore_imf/scim/scim_imcontext.cpp +++ b/src/modules/ecore_imf/scim/scim_imcontext.cpp @@ -372,6 +372,7 @@ feed_key_event(Evas *evas, const char *str, Eina_Bool fake) } else { + if (strlen(str) + 1 > 128) return; strncpy(key_string, str, strlen(str)); evas_event_feed_key_down(evas, key_string, key_string, NULL, NULL, timestamp, NULL); SCIM_DEBUG_FRONTEND(1) << " evas_event_feed_key_down()...\n"; -- 2.7.4