tml@tik.vtt.fi (Tor Lillqvist) (02/20/91)
X Window System Bug Report
xbugs@expo.lcs.mit.edu
[ also sent to xpert ]
VERSION:
R4
CLIENT MACHINE and OPERATING SYSTEM:
HP9000 running HP-UX 7.0
DISPLAY TYPE:
Irrelevant
WINDOW MANAGER:
Irrelevant
AREA:
mit/lib/X/XStrKeysym.c
SYNOPSIS:
Sprintf overflows buffer.
DESCRIPTION:
This has probably been reported earlier, but anyway...
In XKeysymToString sprintf is used to store a keysym value in hex
into char buf[8]. If the keysym in question is vendor-specific
(with bit 29 set, and thus making eight hex digits), the buffer
overflows.
SAMPLE FIX:
*** XStrKeysym.c.ORIG Tue Dec 12 02:10:36 1989
--- XStrKeysym.c Wed Feb 20 14:12:24 1991
***************
*** 91,97 ****
_XInitKeysymDB();
if (keysymdb)
{
! char buf[8];
XrmValue resval;
sprintf(buf, "%lX", ks);
--- 91,97 ----
_XInitKeysymDB();
if (keysymdb)
{
! char buf[10];
XrmValue resval;
sprintf(buf, "%lX", ks);