From 7648c1fdfe9032faf4bd587bf0233d5db33bd8ec Mon Sep 17 00:00:00 2001
From: Tom Hacohen <tom@stosb.com>
Date: Fri, 8 Apr 2016 11:34:53 +0100
Subject: [PATCH] Evas langauge: Prevent potential buffer overflow and clean
 code.

We were copying a user defined string into a fixed size buffer
without doing any boundary checks. This commit fixes that.
Also cleaned up similar code that was using hardcoded numbers.

@fix.

Change-Id: If32cdf9fc383cc0d13043693af1179686dcb9f44
---
 src/lib/evas/common/language/evas_language_utils.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/src/lib/evas/common/language/evas_language_utils.c b/src/lib/evas/common/language/evas_language_utils.c
index bd36e55..8670006 100644
--- a/src/lib/evas/common/language/evas_language_utils.c
+++ b/src/lib/evas/common/language/evas_language_utils.c
@@ -141,8 +141,9 @@ evas_common_language_from_locale_get(void)
    if (locale && *locale)
      {
         char *itr;
-        strncpy(lang, locale, 5);
-        lang[5] = '\0';
+        const size_t size = sizeof(lang);
+        strncpy(lang, locale, size - 1);
+        lang[size - 1] = '\0';
         itr = lang;
         while (*itr)
           {
@@ -167,6 +168,7 @@ evas_common_language_from_locale_full_get(void)
    locale = setlocale(LC_MESSAGES, NULL);
    if (locale && *locale)
      {
+        const size_t size = sizeof(lang_full);
         size_t i;
         for (i = 0 ; locale[i] ; i++)
           {
@@ -174,6 +176,12 @@ evas_common_language_from_locale_full_get(void)
              if ((c == '.') || (c == '@') || (c == ' ')) /* Looks like en_US.UTF8 or de_DE@euro or aa_ER UTF-8*/
                 break;
           }
+
+        if (i >= size)
+          {
+             i = size - 1;
+          }
+
         strncpy(lang_full, locale, i);
         lang_full[i] = '\0';
         return lang_full;
-- 
2.7.4