author | Guy Harris <guy@alum.mit.edu> | 2011-10-03 07:28:45 +0000 |
---|---|---|
committer | Guy Harris <guy@alum.mit.edu> | 2011-10-03 07:28:45 +0000 |
commit | 66a8e6aa5d9004e4ef87de336f311c932203433b (patch) | |
tree | 113639f3ca32c3e6ab4b78c079f1414566ee46cd /epan | |
parent | 574f05eb2c2483e4aa184f7c67efc8d776e7430f (diff) |
Thou shalt not use g_sprintf() lest thou overflow a buffer. (Yes, even
if you know it's safe. Sorry.)
svn path=/trunk/; revision=39242
Diffstat (limited to 'epan')
-rw-r--r-- | epan/dissectors/packet-t30.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/epan/dissectors/packet-t30.c b/epan/dissectors/packet-t30.c
index 447adab202..6f8da98247 100644
--- a/epan/dissectors/packet-t30.c
+++ b/epan/dissectors/packet-t30.c
@@ -617,7 +617,8 @@ dissect_t30_partial_page_request(tvbuff_t *tvb, int offset, packet_info *pinfo,
 {
 int frame_count = 0;
 int frame;
- gchar *buf = ep_alloc(10*1 + 90*2 + 156*3 + 256*2 + 1); /* 0..9 + 10..99 + 100..255 + 256*', ' + \0 */
+#define BUF_SIZE (10*1 + 90*2 + 156*3 + 256*2 + 1) /* 0..9 + 10..99 + 100..255 + 256*', ' + \0 */
+ gchar *buf = ep_alloc(BUF_SIZE);
 gchar *buf_top = buf;
 if (len != 32) {
@@ -634,7 +635,7 @@ dissect_t30_partial_page_request(tvbuff_t *tvb, int offset, packet_info *pinfo,
 for (;bit;) {
 if (octet & bit) {
 ++frame_count;
- buf_top += g_sprintf(buf_top, "%u, ", frame);
+ buf_top += g_snprintf(buf_top, BUF_SIZE - (gulong)(buf_top - buf), "%u, ", frame);
 }
 bit >>= 1;
 ++frame; |
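Review bot: The `#define BUF_SIZE` added inside dissect_t30_partial_page_request (first hunk) is not undefined anywhere in the visible lines, so this very generic name stays defined for the rest of packet-t30.c and could collide with, or be silently picked up by, later code. A scoped constant avoids that, for example `enum { T30_PPR_BUF_SIZE = 10*1 + 90*2 + 156*3 + 256*2 + 1 };` (name constructed here), or an `#undef BUF_SIZE` after the function. The sizing comment is only valid while frame numbers stay in 0..255, so it would help to extend it with `/* relies on the len == 32 check: 32 octets * 8 bits = 256 frames */`. The function body continues outside the hunk, so an `#undef` further down cannot be ruled out from here.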
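Review bot: In the second hunk, `buf_top += g_snprintf(...)` adds the return value unchecked, and g_snprintf() returns the length the output would have had, not the number of bytes actually stored. If a write were ever truncated, buf_top would move past the end of the allocation and `BUF_SIZE - (gulong)(buf_top - buf)` would wrap to a very large unsigned size on the next pass, so the bound would stop protecting anything in exactly the case it exists for. With at most 256 frame numbers in 0..255 that case looks unreachable, but the guard should hold on its own. Compute `gulong room = BUF_SIZE - (gulong)(buf_top - buf);` first, then advance buf_top by the return value only when it is non-negative and smaller than `room`, and stop appending otherwise. `frame` is an `int` printed with `%u`, and its initialisation lies outside the hunk.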