From 80f95dfaeb92c44e49e51b8a69e301ea879b846b Mon Sep 17 00:00:00 2001
From: Hans Breuer <hans@breuer.org>
Date: Thu, 3 Oct 2013 20:04:37 +0200
Subject: [PATCH 24/24] Bug 709017 [warningectomy] array subscript is above
array bounds
Get rid of the temporary array for font name, loose the limitation
of maximum font name length and spare a string copy.
---
lib/dia_svg.c | 82 ++++++++++++++++-------------------------------------------
1 file changed, 22 insertions(+), 60 deletions(-)
diff --git a/lib/dia_svg.c b/lib/dia_svg.c
index eea21b2..4eec0d0 100644
--- a/lib/dia_svg.c
+++ b/lib/dia_svg.c
@@ -127,11 +127,6 @@ _parse_color(gint32 *color, const char *str)
return TRUE;
}
-enum
-{
- FONT_NAME_LENGTH_MAX = 40
-};
-
/** This function not only parses the style attribute of the given node
* it also extracts some of the style properties directly.
* @param node An XML node to parse a style from.
@@ -144,9 +139,7 @@ void
dia_svg_parse_style(xmlNodePtr node, DiaSvgStyle *s, real user_scale)
{
xmlChar *str;
- gchar temp[FONT_NAME_LENGTH_MAX+1]; /* font-family names will be limited to 40 characters */
int i = 0;
- gboolean over = FALSE;
char *family = NULL, *style = NULL, *weight = NULL;
str = xmlGetProp(node, (const xmlChar *)"style");
@@ -161,68 +154,37 @@ dia_svg_parse_style(xmlNodePtr node, DiaSvgStyle *s, real user_scale)
if (!strncmp("font-family:", ptr, 12)) {
ptr += 12;
while ((ptr[0] != '\0') && g_ascii_isspace(ptr[0])) ptr++;
- i = 0; over = FALSE;
- while (ptr[0] != '\0' && ptr[0] != ';' && !over) {
- if (i < FONT_NAME_LENGTH_MAX) {
- temp[i] = ptr[0];
- } else over = TRUE;
- i++;
- ptr++;
- }
- temp[i] = '\0';
-
- if (!over) {
- if (strcmp (temp, "sanserif") == 0 || strcmp (temp, "sans-serif") == 0)
- family = g_strdup ("sans"); /* special name adaption */
- else
- family = g_strdup(temp);
- }
+ i = 0;
+ while (ptr[i] != '\0' && ptr[i] != ';') ++i;
+ /* with i==0 we fall back to 'sans' too */
+ if (strncmp (ptr, "sanserif", i) == 0 || strncmp (ptr, "sans-serif", i) == 0)
+ family = g_strdup ("sans"); /* special name adaption */
+ else
+ family = i > 0 ? g_strndup(ptr, i) : NULL;
+ ptr += i;
} else if (!strncmp("font-weight:", ptr, 12)) {
ptr += 12;
while ((ptr[0] != '\0') && g_ascii_isspace(ptr[0])) ptr++;
- i = 0; over = FALSE;
- while (ptr[0] != '\0' && ptr[0] != ';' && !over) {
- if (i < FONT_NAME_LENGTH_MAX) {
- temp[i] = ptr[0];
- } else over = TRUE;
- i++;
- ptr++;
- }
- temp[i] = '\0';
-
- if (!over) weight = g_strdup(temp);
+ i = 0;
+ while (ptr[i] != '\0' && ptr[i] != ';') ++i;
+ weight = i > 0 ? g_strndup (ptr, i) : NULL;
+ ptr += i;
} else if (!strncmp("font-style:", ptr, 11)) {
ptr += 11;
while ((ptr[0] != '\0') && g_ascii_isspace(ptr[0])) ptr++;
- i = 0; over = FALSE;
- while (ptr[0] != '\0' && ptr[0] != ';' && !over) {
- if (i < FONT_NAME_LENGTH_MAX) {
- temp[i] = ptr[0];
- } else over = TRUE;
- i++;
- ptr++;
- }
- temp[i] = '\0';
-
- if (!over) style = g_strdup(temp);
+ i = 0;
+ while (ptr[i] != '\0' && ptr[i] != ';') ++i;
+ style = i > 0 ? g_strndup(ptr, i) : NULL;
+ ptr += i;
} else if (!strncmp("font-size:", ptr, 10)) {
ptr += 10;
while ((ptr[0] != '\0') && g_ascii_isspace(ptr[0])) ptr++;
- i = 0; over = FALSE;
- while (ptr[0] != '\0' && ptr[0] != ';' && !over) {
- if (i < FONT_NAME_LENGTH_MAX) {
- temp[i] = ptr[0];
- } else over = TRUE;
- i++;
- ptr++;
- }
- temp[i] = '\0';
-
- if (!over) {
- s->font_height = g_ascii_strtod(temp, NULL);
- if (user_scale > 0)
- s->font_height /= user_scale;
- }
+ i = 0;
+ while (ptr[i] != '\0' && ptr[i] != ';') ++i;
+ s->font_height = g_ascii_strtod(ptr, NULL);
+ ptr += i;
+ if (user_scale > 0)
+ s->font_height /= user_scale;
} else if (!strncmp("text-anchor:", ptr, 12)) {
ptr += 12;
while ((ptr[0] != '\0') && g_ascii_isspace(ptr[0])) ptr++;
--
1.8.4.4
|
