authorjan.nijtmans <nijtmans@users.sourceforge.net>2012-03-21 22:17:23 (GMT)
committerjan.nijtmans <nijtmans@users.sourceforge.net>2012-03-21 22:17:23 (GMT)
commit06a17431086a4c08e2111ef5942d49759f7b3687 (patch)
tree29b261c83308bb7a053653c3259ec9cf921a74bb
parent2f563d12979d7011cdde4eccacb98e0b3703cb5b (diff)
[Bug 2809525] Abort on overlong color name
-rw-r--r--ChangeLog5
-rw-r--r--generic/tkColor.c94
-rw-r--r--unix/tkUnixColor.c23
3 files changed, 62 insertions, 60 deletions
diff --git a/ChangeLog b/ChangeLog
index f98ff7f..1cbf1e0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2012-03-21 Jan Nijtmans <nijtmans@users.sf.net>
+
+ * generic/tkColor.c: [Bug 2809525] Abort on overlong color name.
+ * unix/tkUnixColor.c:
+
2012-03-18 Jan Nijtmans <nijtmans@users.sf.net>
* xlib/xcolors.c: [RFE 3503317]: XParseColor speedup
diff --git a/generic/tkColor.c b/generic/tkColor.c
index edd8509..5866dfd 100644
--- a/generic/tkColor.c
+++ b/generic/tkColor.c
@@ -814,55 +814,63 @@ TkDebugColor(tkwin, name)
/* This function is not necessary for Win32,
* since XParseColor already does the right thing */
Status
-TkParseColor(display, map, spec, colorPtr)
+TkParseColor(display, map, name, color)
Display * display; /* The display */
Colormap map; /* Color map */
- CONST char* spec; /* String to be parsed */
- XColor * colorPtr;
+ CONST char* name; /* String to be parsed */
+ XColor * color;
{
- if (*spec == '#') {
- char buf[14];
- buf[0] = '#'; buf[13] = '\0';
- if (!*(++spec) || !*(++spec) || !*(++spec)) {
- /* Not at least 3 hex digits, so invalid */
+ if (*name == '#') {
+ char buf[14];
+ buf[0] = '#'; buf[13] = '\0';
+ if (!*(++name) || !*(++name) || !*(++name)) {
+ /* Not at least 3 hex digits, so invalid */
return 0;
- } else if (!*(++spec)) {
- /* Exactly 3 hex digits */
- buf[9] = buf[10] = buf[11] = buf[12] = *(--spec);
- buf[5] = buf[6] = buf[7] = buf[8] = *(--spec);
- buf[1] = buf[2] = buf[3] = buf[4] = *(--spec);
- spec = buf;
- } else if (!*(++spec) || !*(++spec)) {
- /* Not at least 6 hex digits, so invalid */
- return 0;
- } else if (!*(++spec)) {
- /* Exactly 6 hex digits */
- buf[10] = buf[12] = *(--spec);
- buf[9] = buf[11] = *(--spec);
- buf[6] = buf[8] = *(--spec);
- buf[5] = buf[7] = *(--spec);
- buf[2] = buf[4] = *(--spec);
- buf[1] = buf[3] = *(--spec);
- spec = buf;
- } else if (!*(++spec) || !*(++spec)) {
- /* Not at least 9 hex digits, so invalid */
- return 0;
- } else if (!*(++spec)) {
- /* Exactly 9 hex digits */
- buf[11] = *(--spec);
- buf[10] = *(--spec);
- buf[9] = buf[12] = *(--spec);
- buf[7] = *(--spec);
- buf[6] = *(--spec);
- buf[5] = buf[8] = *(--spec);
- buf[3] = *(--spec);
- buf[2] = *(--spec);
- buf[1] = buf[4] = *(--spec);
- spec = buf;
+ } else if (!*(++name)) {
+ /* Exactly 3 hex digits */
+ buf[9] = buf[10] = buf[11] = buf[12] = *(--name);
+ buf[5] = buf[6] = buf[7] = buf[8] = *(--name);
+ buf[1] = buf[2] = buf[3] = buf[4] = *(--name);
+ name = buf;
+ } else if (!*(++name) || !*(++name)) {
+ /* Not at least 6 hex digits, so invalid */
+ return 0;
+ } else if (!*(++name)) {
+ /* Exactly 6 hex digits */
+ buf[10] = buf[12] = *(--name);
+ buf[9] = buf[11] = *(--name);
+ buf[6] = buf[8] = *(--name);
+ buf[5] = buf[7] = *(--name);
+ buf[2] = buf[4] = *(--name);
+ buf[1] = buf[3] = *(--name);
+ name = buf;
+ } else if (!*(++name) || !*(++name)) {
+ /* Not at least 9 hex digits, so invalid */
+ return 0;
+ } else if (!*(++name)) {
+ /* Exactly 9 hex digits */
+ buf[11] = *(--name);
+ buf[10] = *(--name);
+ buf[9] = buf[12] = *(--name);
+ buf[7] = *(--name);
+ buf[6] = *(--name);
+ buf[5] = buf[8] = *(--name);
+ buf[3] = *(--name);
+ buf[2] = *(--name);
+ buf[1] = buf[4] = *(--name);
+ name = buf;
+ } else if (!*(++name) || !*(++name) || *(++name)) {
+ /* Not exactly 12 hex digits, so invalid */
+ return 0;
} else {
- spec -= 10;
+ name -= 13;
+ }
+ } else {
+ if (strlen(name) > 99) {
+ /* Don't bother to parse this. [Bug 2809525]*/
+ return 0;
}
}
- return XParseColor(display, map, spec, colorPtr);
+ return XParseColor(display, map, name, color);
}
#endif /* __WIN32__ */
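Review bot: The limit `99` in the new non-'#' branch is a bare literal that this commit repeats in TkpGetColor in unix/tkUnixColor.c, so the two guards can drift apart; a shared named constant (a suggested name would be `TK_MAX_COLOR_NAME_LEN`) defined in a header both files include would keep them in step. The '#' branches only count characters although their comments say "hex digits": a spec such as `#xyz` is still copied into `buf` and passed on, so rejecting non-hex input presumably rests on XParseColor, and a comment stating that would help. The closing `name -= 13` depends on exactly thirteen preceding increments and deserves a one-line comment such as `/* rewind to the leading '#' */`. Because this function is compiled out under `__WIN32__`, whether overlong names are bounded on that platform cannot be told from this hunk.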
diff --git a/unix/tkUnixColor.c b/unix/tkUnixColor.c
index aebbbca..722dd06 100644
--- a/unix/tkUnixColor.c
+++ b/unix/tkUnixColor.c
@@ -128,20 +128,6 @@ TkpGetColor(tkwin, name)
Colormap colormap = Tk_Colormap(tkwin);
XColor color;
TkColor *tkColPtr;
- char buf[100];
- unsigned len = strlen(name);
-
- /*
- * Make sure that we never exceed a reasonable length of color name. A
- * good maximum length is 99, arbitrary, but larger than any known color
- * name. [Bug 2809525]
- */
-
- if (len > 99) {
- len = 99;
- }
- memcpy(buf, name, len);
- buf[len] = '\0';
/*
* Map from the name to a pixel value. Call XAllocNamedColor rather than
@@ -152,7 +138,10 @@ TkpGetColor(tkwin, name)
if (*name != '#') {
XColor screen;
- if (XAllocNamedColor(display, colormap, buf, &screen, &color) != 0) {
+ if (strlen(name) > 99) {
+ /* Don't bother to parse this. [Bug 2809525]*/
+ return (TkColor *) NULL;
+ } else if (XAllocNamedColor(display, colormap, name, &screen, &color) != 0) {
DeleteStressedCmap(display, colormap);
} else {
/*
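Review bot: The new comment `/* Don't bother to parse this. [Bug 2809525]*/` drops the rationale that the removed block carried, and it does not say that the behaviour changed from truncating the name to 99 bytes to rejecting it outright. I would restore the reasoning, for example `/* Reject names longer than 99 bytes: arbitrary, but larger than any known color name. [Bug 2809525] */`. As a style point, the length test is the first arm of an `if / else if` chain whose other arms handle the XAllocNamedColor result, which reads as if rejection and allocation were alternatives; a standalone guard before the call would be clearer. TkpGetColor begins and ends outside this hunk.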
@@ -162,13 +151,13 @@ TkpGetColor(tkwin, name)
* pick an approximation to the desired color.
*/
- if (XLookupColor(display, colormap, buf, &color, &screen) == 0) {
+ if (XLookupColor(display, colormap, name, &color, &screen) == 0) {
return (TkColor *) NULL;
}
FindClosestColor(tkwin, &screen, &color);
}
} else {
- if (TkParseColor(display, colormap, buf, &color) == 0) {
+ if (TkParseColor(display, colormap, name, &color) == 0) {
return (TkColor *) NULL;
}
if (XAllocColor(display, colormap, &color) != 0) {
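Review bot: In the '#' branch the caller's `name` now reaches `TkParseColor` with no length check at this call site, so the bound depends entirely on TkParseColor rejecting specs that are not 3, 6, 9 or 12 digits. A short comment above the call would make that dependency visible to the next maintainer, for example `/* TkParseColor rejects '#' specs longer than 12 digits, so no length check is needed here. */`. The function continues past the end of this hunk.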