Re: pango_color_parse

From: Owen Taylor <otaylor redhat com>
To: "Matthias Clasen" <matthiasc poet de>
Cc: <gtk-devel-list gnome org>
Subject: Re: pango_color_parse
Date: 17 Sep 2001 09:54:56 -0400

"Matthias Clasen" <matthiasc poet de> writes:

> The following little patch prevents a possible buffer overrun in
> pango_color_parse. Ok to commit ?
> 
> Btw there are currently three copies of this code (color_parse/color_find)
> in gdk and pango.
> Would it be ok to replace the copy in io-xpm.c by pango_color_parse ?
> I don't know if a gdk-pixbuf -> pango dependency is considered a bad thing
> or not.
 
A pixbuf => pango dependency isn't acceptable, so we'll need at least
two copies, but win32, and in fact GDK cross-platform should be
using pango_color_parse().

> Index: pango-color.c
> ===================================================================
> RCS file: /cvs/gnome/pango/pango/pango-color.c,v
> retrieving revision 1.3
> diff -u -3 -p -u -r1.3 pango-color.c
> --- pango-color.c	2001/09/11 15:29:46	1.3
> +++ pango-color.c	2001/09/17 07:42:26
> @@ -22,6 +22,7 @@
>  #include <stdio.h>
>  #include <stdlib.h>
>  #include <string.h>
> +#include <glib.h>
> 
>  #include "pango-attributes.h"
> 
> @@ -944,7 +945,7 @@ pango_color_parse (PangoColor *color,
> 
>        i /= 3;
> 
> -      sprintf (fmt, "%%%dx%%%dx%%%dx", i, i, i);
> +      g_snprintf (fmt, 16, "%%%dx%%%dx%%%dx", i, i, i);
>        if (sscanf (spec+1, fmt, &r, &g, &b) != 3)
>          return FALSE;

It would be much better to do 'if (i > 4) return FALSE' 

Regards,
                                        Owen

Follow-Ups:
- Re: pango_color_parse
  - From: Hans Breuer

References:
- pango_color_parse
  - From: Matthias Clasen

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]