buffer overflow in utf8 and ncurses demo
the buffer for wctomb was too small
committer: Markus Bröker <mbroeker@largo.homelinux.org>
--- a/ncurses.c
+++ b/ncurses.c
@@ -38,7 +38,7 @@
{
wchar_t guess;
- char dest[4];
+ char dest[6];
int maxx;
int maxy;
@@ -53,10 +53,7 @@
maxx = getmaxx (win);
maxy = getmaxy (win);
- dest[0] = 0;
- dest[1] = 0;
- dest[2] = 0;
- dest[3] = 0;
+ memset (&dest, 0, sizeof (dest));
if (wctomb (dest, guess) == -1) {
perror ("WCTOMB");
return -1;
--- a/utf8.c
+++ b/utf8.c
@@ -7,6 +7,7 @@
#include <stdlib.h>
#include <wchar.h>
#include <locale.h>
+#include <string.h>
#ifndef u_char
typedef unsigned char u_char;
@@ -14,7 +15,7 @@
int main ()
{
- char dest[4];
+ char dest[6];
wchar_t *str = L"Unicode Example with german umlauts: ÄÖÜäöü߀\n";
@@ -25,13 +26,10 @@
printf ("%ls", str);
- while (*str != '\n') {
- dest[0] = 0;
- dest[1] = 0;
- dest[2] = 0;
- dest[3] = 0;
- if (wctomb (dest, (*str)) == -1)
- return EXIT_FAILURE;
+ while (*str != L'\n') {
+ memset (&dest, 0, sizeof (dest));
+ if (wctomb (dest, (*str)) < 0)
+ perror ("wctomb");
printf ("%lc -> [%4X] (%2X:%2X:%2X:%2X)\n",
*str, *str, (u_char) dest[0], (u_char) dest[1], (u_char) dest[2], (u_char) dest[3]);