projects
/
claws.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
d18fa86
)
Better fix for Coverity #1220388, use effective indexes and boundaries.
author
wwp
<wwp@free.fr>
Tue, 10 Jan 2017 08:26:08 +0000
(09:26 +0100)
committer
wwp
<wwp@free.fr>
Tue, 10 Jan 2017 08:26:08 +0000
(09:26 +0100)
src/plugins/notification/notification_core.c
patch
|
blob
|
history
diff --git
a/src/plugins/notification/notification_core.c
b/src/plugins/notification/notification_core.c
index 22fb659ffc7f19d9a0df42757da384ff357d9e0c..173652369464aef65c644dc663624d538a3a4485 100644
(file)
--- a/
src/plugins/notification/notification_core.c
+++ b/
src/plugins/notification/notification_core.c
@@
-645,34
+645,34
@@
void notification_show_mainwindow(MainWindow *mainwin)
/* Returns a newly allocated string which needs to be freed */
gchar* notification_libnotify_sanitize_str(gchar *in)
{
/* Returns a newly allocated string which needs to be freed */
gchar* notification_libnotify_sanitize_str(gchar *in)
{
- gint
i_
out;
+ gint out;
gchar tmp_str[STR_MAX_LEN+1];
if(in == NULL) return NULL;
gchar tmp_str[STR_MAX_LEN+1];
if(in == NULL) return NULL;
-
i_
out = 0;
+ out = 0;
while(*in) {
if(*in == '<') {
while(*in) {
if(*in == '<') {
- if(
i_out+3 > STR_MAX_LEN
) break;
- memcpy(&(tmp_str[
i_
out]),"<",4);
- in++;
i_
out += 4;
+ if(
out+4 > STR_MAX_LEN+1
) break;
+ memcpy(&(tmp_str[out]),"<",4);
+ in++; out += 4;
}
else if(*in == '>') {
}
else if(*in == '>') {
- if(
i_out+3 > STR_MAX_LEN
) break;
- memcpy(&(tmp_str[
i_
out]),">",4);
- in++;
i_
out += 4;
+ if(
out+4 > STR_MAX_LEN+1
) break;
+ memcpy(&(tmp_str[out]),">",4);
+ in++; out += 4;
}
else if(*in == '&') {
}
else if(*in == '&') {
- if(
i_out+4 > STR_MAX_LEN
) break;
- memcpy(&(tmp_str[
i_
out]),"&",5);
- in++;
i_
out += 5;
+ if(
out+5 > STR_MAX_LEN+1
) break;
+ memcpy(&(tmp_str[out]),"&",5);
+ in++; out += 5;
}
else {
}
else {
- if(
i_out > STR_MAX_LEN
) break;
- tmp_str[
i_
out++] = *in++;
+ if(
out+1 > STR_MAX_LEN+1
) break;
+ tmp_str[out++] = *in++;
}
}
}
}
- tmp_str[
i_
out] = '\0';
+ tmp_str[out] = '\0';
return strdup(tmp_str);
}
return strdup(tmp_str);
}