summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--ChangeLog6
-rw-r--r--unix/tkUnixColor.c24
2 files changed, 24 insertions, 6 deletions
diff --git a/ChangeLog b/ChangeLog
index a8972c4..5c13d07 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2009-10-25 Donal K. Fellows <dkf@users.sf.net>
+
+ * unix/tkUnixColor.c (TkpGetColor): [Bug 2809525]: Impose a maximum
+ X11 color name length so that it becomes impossible to blow things up
+ that way.
+
2009-10-22 Donal K. Fellows <dkf@users.sf.net>
* generic/tkText.c (Tk_TextCmd, TextEditUndo, TextEditRedo)
diff --git a/unix/tkUnixColor.c b/unix/tkUnixColor.c
index e2def60..8d80bef 100644
--- a/unix/tkUnixColor.c
+++ b/unix/tkUnixColor.c
@@ -9,7 +9,7 @@
* See the file "license.terms" for information on usage and redistribution
* of this file, and for a DISCLAIMER OF ALL WARRANTIES.
*
- * RCS: @(#) $Id: tkUnixColor.c,v 1.2 1998/09/14 18:23:55 stanton Exp $
+ * RCS: @(#) $Id: tkUnixColor.c,v 1.2.26.1 2009/10/25 17:08:28 dkf Exp $
*/
#include <tkColor.h>
@@ -130,6 +130,20 @@ TkpGetColor(tkwin, name)
Colormap colormap = Tk_Colormap(tkwin);
XColor color;
TkColor *tkColPtr;
+ char buf[100];
+ unsigned len = strlen(name);
+
+ /*
+ * Make sure that we never exceed a reasonable length of color name. A
+ * good maximum length is 99, arbitrary, but larger than any known color
+ * name. [Bug 2809525]
+ */
+
+ if (len > 99) {
+ len = 99;
+ }
+ memcpy(buf, name, len);
+ buf[len] = '\0';
/*
* Map from the name to a pixel value. Call XAllocNamedColor rather than
@@ -140,8 +154,7 @@ TkpGetColor(tkwin, name)
if (*name != '#') {
XColor screen;
- if (XAllocNamedColor(display, colormap, name, &screen,
- &color) != 0) {
+ if (XAllocNamedColor(display, colormap, buf, &screen, &color) != 0) {
DeleteStressedCmap(display, colormap);
} else {
/*
@@ -151,14 +164,13 @@ TkpGetColor(tkwin, name)
* pick an approximation to the desired color.
*/
- if (XLookupColor(display, colormap, name, &color,
- &screen) == 0) {
+ if (XLookupColor(display, colormap, buf, &color, &screen) == 0) {
return (TkColor *) NULL;
}
FindClosestColor(tkwin, &screen, &color);
}
} else {
- if (XParseColor(display, colormap, name, &color) == 0) {
+ if (XParseColor(display, colormap, buf, &color) == 0) {
return (TkColor *) NULL;
}
if (XAllocColor(display, colormap, &color) != 0) {