summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTeruaki Kawashima <teru@rockbox.org>2010-05-21 13:30:21 +0000
committerTeruaki Kawashima <teru@rockbox.org>2010-05-21 13:30:21 +0000
commit0ac61bffa799ed4817ffd1079617ef6ac933a3f2 (patch)
tree0307bc1fee06745ec724f91f87ff6380d8289ade
parente2d1eb6fc8c37efb049cf19a0ca38455149a67d2 (diff)
downloadrockbox-0ac61bffa799ed4817ffd1079617ef6ac933a3f2.tar.gz
rockbox-0ac61bffa799ed4817ffd1079617ef6ac933a3f2.zip
avoid overflow in puts_scroll().
git-svn-id: svn://svn.rockbox.org/rockbox/trunk@26231 a1c6a512-1295-4272-9138-f99709370657
Diffstat
-rw-r--r--firmware/drivers/lcd-bitmap-common.c6
-rw-r--r--firmware/drivers/lcd-charcell.c9
2 files changed, 10 insertions, 5 deletions
diff --git a/firmware/drivers/lcd-bitmap-common.c b/firmware/drivers/lcd-bitmap-common.c
index 1b31ee8a18..fba09cf06b 100644
--- a/firmware/drivers/lcd-bitmap-common.c
+++ b/firmware/drivers/lcd-bitmap-common.c
@@ -321,6 +321,7 @@ void LCDFN(puts_scroll_style_offset)(int x, int y, const unsigned char *string,
321 struct scrollinfo* s; 321 struct scrollinfo* s;
322 char *end; 322 char *end;
323 int w, h; 323 int w, h;
324 int len;
324 325
325 if ((unsigned)y >= (unsigned)current_vp->height) 326 if ((unsigned)y >= (unsigned)current_vp->height)
326 return; 327 return;
@@ -358,13 +359,14 @@ void LCDFN(puts_scroll_style_offset)(int x, int y, const unsigned char *string,
358 s->bidir = false; 359 s->bidir = false;
359 360
360 if (!s->bidir) { /* add spaces if scrolling in the round */ 361 if (!s->bidir) { /* add spaces if scrolling in the round */
361 strcat(s->line, " "); 362 strlcat(s->line, " ", sizeof s->line);
362 /* get new width incl. spaces */ 363 /* get new width incl. spaces */
363 s->width = LCDFN(getstringsize)(s->line, &w, &h); 364 s->width = LCDFN(getstringsize)(s->line, &w, &h);
364 } 365 }
365 366
366 end = strchr(s->line, '\0'); 367 end = strchr(s->line, '\0');
367 strlcpy(end, string, current_vp->width/2); 368 len = sizeof s->line - (end - s->line);
369 strlcpy(end, string, MIN(current_vp->width/2, len));
368 370
369 s->vp = current_vp; 371 s->vp = current_vp;
370 s->y = y; 372 s->y = y;
diff --git a/firmware/drivers/lcd-charcell.c b/firmware/drivers/lcd-charcell.c
index 36f1d26487..f928c19ecd 100644
--- a/firmware/drivers/lcd-charcell.c
+++ b/firmware/drivers/lcd-charcell.c
@@ -513,9 +513,10 @@ void lcd_puts_scroll_offset(int x, int y, const unsigned char *string,
513 { 513 {
514 /* prepare scroll line */ 514 /* prepare scroll line */
515 char *end; 515 char *end;
516 int count;
516 517
517 memset(s->line, 0, sizeof s->line); 518 memset(s->line, 0, sizeof s->line);
518 strcpy(s->line, string); 519 strlcpy(s->line, string, sizeof s->line);
519 520
520 /* get width */ 521 /* get width */
521 s->len = utf8length(s->line); 522 s->len = utf8length(s->line);
@@ -531,13 +532,15 @@ void lcd_puts_scroll_offset(int x, int y, const unsigned char *string,
531 532
532 if (!s->bidir) /* add spaces if scrolling in the round */ 533 if (!s->bidir) /* add spaces if scrolling in the round */
533 { 534 {
534 strcat(s->line, " "); 535 strlcat(s->line, " ", sizeof s->line);
535 /* get new width incl. spaces */ 536 /* get new width incl. spaces */
536 s->len += SCROLL_SPACING; 537 s->len += SCROLL_SPACING;
537 } 538 }
538 539
539 end = strchr(s->line, '\0'); 540 end = strchr(s->line, '\0');
540 strlcpy(end, string, utf8seek(s->line, current_vp->width)); 541 len = sizeof s->line - (end - s->line);
542 count = utf8seek(s->line, current_vp->width);
543 strlcpy(end, string, MIN(count, len));
541 544
542 s->vp = current_vp; 545 s->vp = current_vp;
543 s->y = y; 546 s->y = y;
generated by cgit v1.2.3 (git 2.39.1) at 2024-08-23 19:54:01 +0000