diff options
| author | Teruaki Kawashima <teru@rockbox.org> | 2010-05-19 15:47:54 +0000 |
|---|---|---|
| committer | Teruaki Kawashima <teru@rockbox.org> | 2010-05-19 15:47:54 +0000 |
| commit | 0a4eda4d46df2a28db145ea5bf5f20e5d7321bb3 (patch) | |
| tree | 42b50972613def9ef451e1c79e5ebe6e164c5bc7 | |
| parent | 12af4986b984399e37e7f653061f483e693c9071 (diff) | |
| download | rockbox-0a4eda4d46df2a28db145ea5bf5f20e5d7321bb3.tar.gz rockbox-0a4eda4d46df2a28db145ea5bf5f20e5d7321bb3.zip | |
skin_parser.c: fix possibile overflow in parse_setting_and_lang(). simplify comparison of string in parameter in parse_touchregion().
git-svn-id: svn://svn.rockbox.org/rockbox/trunk@26168 a1c6a512-1295-4272-9138-f99709370657
| -rw-r--r-- | apps/gui/skin_engine/skin_parser.c | 33 |
1 files changed, 17 insertions, 16 deletions
diff --git a/apps/gui/skin_engine/skin_parser.c b/apps/gui/skin_engine/skin_parser.c index bb8f8c57d1..932c3baf6b 100644 --- a/apps/gui/skin_engine/skin_parser.c +++ b/apps/gui/skin_engine/skin_parser.c @@ -1067,7 +1067,7 @@ static int parse_setting_and_lang(const char *wps_bufptr, return WPS_ERROR_INVALID_PARAM; ptr++; end = strchr(ptr,'|'); - if (!end) + if (!end || (size_t)(end-ptr+1) > sizeof temp) return WPS_ERROR_INVALID_PARAM; strlcpy(temp, ptr,end-ptr+1); @@ -1084,9 +1084,7 @@ static int parse_setting_and_lang(const char *wps_bufptr, /* Find the setting */ for (i=0; i<nb_settings; i++) if (settings[i].cfg_name && - !strncmp(settings[i].cfg_name,ptr,end-ptr) && - /* prevent matches on cfg_name prefixes */ - strlen(settings[i].cfg_name)==(size_t)(end-ptr)) + !strcmp(settings[i].cfg_name, temp)) break; #ifndef __PCTOOL__ if (i == nb_settings) @@ -1510,10 +1508,11 @@ static int parse_touchregion(const char *wps_bufptr, unsigned i, imax; struct touchregion *region = NULL; const char *ptr = wps_bufptr; - const char *action; + const char *action, *end; const char pb_string[] = "progressbar"; const char vol_string[] = "volume"; int x,y,w,h; + char temp[20]; /* format: %T|x|y|width|height|action| * if action starts with & the area must be held to happen @@ -1561,11 +1560,15 @@ static int parse_touchregion(const char *wps_bufptr, region->wvp = curr_vp; region->armed = false; - if(!strncmp(pb_string, action, sizeof(pb_string)-1) - && *(action + sizeof(pb_string)-1) == '|') + end = strchr(action, '|'); + if (!end || (size_t)(end-action+1) > sizeof temp) + return WPS_ERROR_INVALID_PARAM; + strlcpy(temp, action, end-action+1); + action = temp; + + if(!strcmp(pb_string, action)) region->type = WPS_TOUCHREGION_SCROLLBAR; - else if(!strncmp(vol_string, action, sizeof(vol_string)-1) - && *(action + sizeof(vol_string)-1) == '|') + else if(!strcmp(vol_string, action)) region->type = WPS_TOUCHREGION_VOLUME; else { @@ -1579,17 +1582,15 @@ static int parse_touchregion(const char *wps_bufptr, else region->repeat = false; - i = 0; imax = ARRAYLEN(touchactions); - while ((region->action == ACTION_NONE) && - (i < imax)) + for (i = 0; i < imax; i++) { /* try to match with one of our touchregion screens */ - int len = strlen(touchactions[i].s); - if (!strncmp(touchactions[i].s, action, len) - && *(action+len) == '|') + if (!strcmp(touchactions[i].s, action)) + { region->action = touchactions[i].action; - i++; + break; + } } if (region->action == ACTION_NONE) return WPS_ERROR_INVALID_PARAM; |