diff options
author | Teruaki Kawashima <teru@rockbox.org> | 2010-05-19 15:47:54 +0000 |
---|---|---|
committer | Teruaki Kawashima <teru@rockbox.org> | 2010-05-19 15:47:54 +0000 |
commit | 0a4eda4d46df2a28db145ea5bf5f20e5d7321bb3 (patch) | |
tree | 42b50972613def9ef451e1c79e5ebe6e164c5bc7 | |
parent | 12af4986b984399e37e7f653061f483e693c9071 (diff) | |
download | rockbox-0a4eda4d46df2a28db145ea5bf5f20e5d7321bb3.tar.gz rockbox-0a4eda4d46df2a28db145ea5bf5f20e5d7321bb3.zip |
skin_parser.c: fix possibile overflow in parse_setting_and_lang(). simplify comparison of string in parameter in parse_touchregion().
git-svn-id: svn://svn.rockbox.org/rockbox/trunk@26168 a1c6a512-1295-4272-9138-f99709370657
-rw-r--r-- | apps/gui/skin_engine/skin_parser.c | 33 |
1 files changed, 17 insertions, 16 deletions
diff --git a/apps/gui/skin_engine/skin_parser.c b/apps/gui/skin_engine/skin_parser.c index bb8f8c57d1..932c3baf6b 100644 --- a/apps/gui/skin_engine/skin_parser.c +++ b/apps/gui/skin_engine/skin_parser.c | |||
@@ -1067,7 +1067,7 @@ static int parse_setting_and_lang(const char *wps_bufptr, | |||
1067 | return WPS_ERROR_INVALID_PARAM; | 1067 | return WPS_ERROR_INVALID_PARAM; |
1068 | ptr++; | 1068 | ptr++; |
1069 | end = strchr(ptr,'|'); | 1069 | end = strchr(ptr,'|'); |
1070 | if (!end) | 1070 | if (!end || (size_t)(end-ptr+1) > sizeof temp) |
1071 | return WPS_ERROR_INVALID_PARAM; | 1071 | return WPS_ERROR_INVALID_PARAM; |
1072 | strlcpy(temp, ptr,end-ptr+1); | 1072 | strlcpy(temp, ptr,end-ptr+1); |
1073 | 1073 | ||
@@ -1084,9 +1084,7 @@ static int parse_setting_and_lang(const char *wps_bufptr, | |||
1084 | /* Find the setting */ | 1084 | /* Find the setting */ |
1085 | for (i=0; i<nb_settings; i++) | 1085 | for (i=0; i<nb_settings; i++) |
1086 | if (settings[i].cfg_name && | 1086 | if (settings[i].cfg_name && |
1087 | !strncmp(settings[i].cfg_name,ptr,end-ptr) && | 1087 | !strcmp(settings[i].cfg_name, temp)) |
1088 | /* prevent matches on cfg_name prefixes */ | ||
1089 | strlen(settings[i].cfg_name)==(size_t)(end-ptr)) | ||
1090 | break; | 1088 | break; |
1091 | #ifndef __PCTOOL__ | 1089 | #ifndef __PCTOOL__ |
1092 | if (i == nb_settings) | 1090 | if (i == nb_settings) |
@@ -1510,10 +1508,11 @@ static int parse_touchregion(const char *wps_bufptr, | |||
1510 | unsigned i, imax; | 1508 | unsigned i, imax; |
1511 | struct touchregion *region = NULL; | 1509 | struct touchregion *region = NULL; |
1512 | const char *ptr = wps_bufptr; | 1510 | const char *ptr = wps_bufptr; |
1513 | const char *action; | 1511 | const char *action, *end; |
1514 | const char pb_string[] = "progressbar"; | 1512 | const char pb_string[] = "progressbar"; |
1515 | const char vol_string[] = "volume"; | 1513 | const char vol_string[] = "volume"; |
1516 | int x,y,w,h; | 1514 | int x,y,w,h; |
1515 | char temp[20]; | ||
1517 | 1516 | ||
1518 | /* format: %T|x|y|width|height|action| | 1517 | /* format: %T|x|y|width|height|action| |
1519 | * if action starts with & the area must be held to happen | 1518 | * if action starts with & the area must be held to happen |
@@ -1561,11 +1560,15 @@ static int parse_touchregion(const char *wps_bufptr, | |||
1561 | region->wvp = curr_vp; | 1560 | region->wvp = curr_vp; |
1562 | region->armed = false; | 1561 | region->armed = false; |
1563 | 1562 | ||
1564 | if(!strncmp(pb_string, action, sizeof(pb_string)-1) | 1563 | end = strchr(action, '|'); |
1565 | && *(action + sizeof(pb_string)-1) == '|') | 1564 | if (!end || (size_t)(end-action+1) > sizeof temp) |
1565 | return WPS_ERROR_INVALID_PARAM; | ||
1566 | strlcpy(temp, action, end-action+1); | ||
1567 | action = temp; | ||
1568 | |||
1569 | if(!strcmp(pb_string, action)) | ||
1566 | region->type = WPS_TOUCHREGION_SCROLLBAR; | 1570 | region->type = WPS_TOUCHREGION_SCROLLBAR; |
1567 | else if(!strncmp(vol_string, action, sizeof(vol_string)-1) | 1571 | else if(!strcmp(vol_string, action)) |
1568 | && *(action + sizeof(vol_string)-1) == '|') | ||
1569 | region->type = WPS_TOUCHREGION_VOLUME; | 1572 | region->type = WPS_TOUCHREGION_VOLUME; |
1570 | else | 1573 | else |
1571 | { | 1574 | { |
@@ -1579,17 +1582,15 @@ static int parse_touchregion(const char *wps_bufptr, | |||
1579 | else | 1582 | else |
1580 | region->repeat = false; | 1583 | region->repeat = false; |
1581 | 1584 | ||
1582 | i = 0; | ||
1583 | imax = ARRAYLEN(touchactions); | 1585 | imax = ARRAYLEN(touchactions); |
1584 | while ((region->action == ACTION_NONE) && | 1586 | for (i = 0; i < imax; i++) |
1585 | (i < imax)) | ||
1586 | { | 1587 | { |
1587 | /* try to match with one of our touchregion screens */ | 1588 | /* try to match with one of our touchregion screens */ |
1588 | int len = strlen(touchactions[i].s); | 1589 | if (!strcmp(touchactions[i].s, action)) |
1589 | if (!strncmp(touchactions[i].s, action, len) | 1590 | { |
1590 | && *(action+len) == '|') | ||
1591 | region->action = touchactions[i].action; | 1591 | region->action = touchactions[i].action; |
1592 | i++; | 1592 | break; |
1593 | } | ||
1593 | } | 1594 | } |
1594 | if (region->action == ACTION_NONE) | 1595 | if (region->action == ACTION_NONE) |
1595 | return WPS_ERROR_INVALID_PARAM; | 1596 | return WPS_ERROR_INVALID_PARAM; |