Merge lp://qastaging/~mc-return/compiz/compiz.fix1030473-part4 into lp://qastaging/compiz/0.9.8
Status: | Rejected |
---|---|
Rejected by: | Daniel van Vugt |
Proposed branch: | lp://qastaging/~mc-return/compiz/compiz.fix1030473-part4 |
Merge into: | lp://qastaging/compiz/0.9.8 |
Diff against target: | 118 lines (+12/-12), 6 files modified: compizconfig/gconf/src/gconf.c (+1/-1), compizconfig/libcompizconfig/src/bindings.c (+2/-2), compizconfig/libcompizconfig/src/compiz.cpp (+1/-1), plugins/animation/src/options.cpp (+4/-4), plugins/screenshot/src/screenshot.cpp (+2/-2), src/action.cpp (+2/-2) |
To merge this branch: | bzr merge lp://qastaging/~mc-return/compiz/compiz.fix1030473-part4 |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Daniel van Vugt | Disapprove | ||
Commit message
Added several field width specifiers to prevent overflows with massive input data.
Description of the change
Adds several field width specifiers to prevent overflows with massive input data.
Unmerged revisions
- 3312. By MC Return
-
Changed the int buttonNum to unsigned int buttonNum and changed "%d" to "%2u", because we do not have negative buttonNums and never more than 99 buttons
- 3311. By MC Return
-
Added field width specifiers (%5d x2) to "screenshot%d"
- 3310. By MC Return
-
Added field width specifier " %256s " to sscanf (for variable nameTrimmed)
- 3309. By MC Return
-
Added field width specifiers to " %d " changing them to " %5d " for the int variables vb and vi
- 3308. By MC Return
-
Added a field width specifier to " %s " changing it to " %256s " to allow a maximum of 256 characters for optNamesValues (is it too much?)
- 3307. By MC Return
-
Changed 'int buttonNum;' to 'unsigned int buttonNum;', because buttonNum should always be positive
Changed 'if (sscanf (binding + strlen ("Button"), "%d", &buttonNum) == 1)' to 'if (sscanf (binding + strlen ("Button"), "%2u", &buttonNum) == 1)', because buttonNum should never be higher than 20
- 3306. By MC Return
-
Changed 'sscanf (token, "screen%d", &screenNum);' to 'sscanf (token, "screen%5u", &screenNum);', adding a field width specifier and changing the type from decimal integer to an unsigned integer (min 0, max 65536)
- 3305. By MC Return
-
Prevent overflow of name[1024] by adding a field width specifier (%1023s)
Out of curiosity, how many parts will there be? It's very hard to mark a bug as fixed when I'm not sure where the end of the fix will be.
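The sscanf field-width technique named in the revision messages above, as an added example that is not code from this branch or from compiz: it shows that "%256s" needs a 257-byte destination and that a width on "%u" bounds the digits read, not the value. The helper names, `NAME_MAX_CHARS`, the 65535 limit and the sample inputs are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_MAX_CHARS 256  /* assumed limit, matching the "%256s" revisions */

/* Copy the first whitespace-delimited word of `in` into `out`.
 * "%256s" stores up to 256 characters plus a terminating NUL, so the
 * destination must hold NAME_MAX_CHARS + 1 bytes (hypothetical helper). */
int parse_name(const char *in, char *out, size_t out_size)
{
    if (out_size < NAME_MAX_CHARS + 1)
        return -1;                      /* buffer too small for the width */
    if (sscanf(in, "%256s", out) != 1)
        return -1;
    return (int)strlen(out);            /* at most 256 */
}

/* Parse "screenN" (hypothetical helper). "%5u" caps the digits consumed,
 * not the value: it accepts up to 99999, accepts a sign, and silently
 * stops in the middle of a longer number. %n reports how far parsing got,
 * so trailing characters and out-of-range values can be rejected. */
long parse_screen(const char *token, unsigned int max_screen)
{
    unsigned int n;
    int used = 0;
    if (sscanf(token, "screen%5u%n", &n, &used) != 1)
        return -1;
    if (token[used] != '\0' || n > max_screen)
        return -1;
    return (long)n;
}

/* Constructed oversized input: 300 'A' characters. */
int demo_oversized_name(void)
{
    char in[301], out[NAME_MAX_CHARS + 1];
    memset(in, 'A', 300);
    in[300] = '\0';
    return parse_name(in, out, sizeof out);
}

int main(void)
{
    printf("stored name length: %d\n", demo_oversized_name());
    printf("screen3 -> %ld\n", parse_screen("screen3", 65535));
    printf("screen123456789 -> %ld\n", parse_screen("screen123456789", 65535));
    return 0;
}
```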