buffer overflow in utf8 and ncurses demo
authorMarkus Bröker <mbroeker@largo.dyndns.tv>
Fri, 05 Mar 2010 22:03:56 +0100 (2010-03-05)
changeset 114 6f6850407ccf
parent 113 397270b5d21a
child 115 47731bdd72c9
buffer overflow in utf8 and ncurses demo the buffer for wctomb was too small committer: Markus Bröker <mbroeker@largo.homelinux.org>
ncurses.c
utf8.c
--- a/ncurses.c
+++ b/ncurses.c
@@ -38,7 +38,7 @@
 {
     wchar_t guess;
 
-    char dest[4];
+    char dest[6];
 
     int maxx;
     int maxy;
@@ -53,10 +53,7 @@
         maxx = getmaxx (win);
         maxy = getmaxy (win);
 
-        dest[0] = 0;
-        dest[1] = 0;
-        dest[2] = 0;
-        dest[3] = 0;
+        memset (&dest, 0, sizeof (dest));
         if (wctomb (dest, guess) == -1) {
             perror ("WCTOMB");
             return -1;
--- a/utf8.c
+++ b/utf8.c
@@ -7,6 +7,7 @@
 #include <stdlib.h>
 #include <wchar.h>
 #include <locale.h>
+#include <string.h>
 
 #ifndef u_char
 typedef unsigned char u_char;
@@ -14,7 +15,7 @@
 
 int main ()
 {
-    char dest[4];
+    char dest[6];
 
     wchar_t *str = L"Unicode Example with german umlauts: ÄÖÜäöü߀\n";
 
@@ -25,13 +26,10 @@
 
     printf ("%ls", str);
 
-    while (*str != '\n') {
-        dest[0] = 0;
-        dest[1] = 0;
-        dest[2] = 0;
-        dest[3] = 0;
-        if (wctomb (dest, (*str)) == -1)
-            return EXIT_FAILURE;
+    while (*str != L'\n') {
+        memset (&dest, 0, sizeof (dest));
+        if (wctomb (dest, (*str)) < 0)
+            perror ("wctomb");
 
         printf ("%lc -> [%4X] (%2X:%2X:%2X:%2X)\n",
                 *str, *str, (u_char) dest[0], (u_char) dest[1], (u_char) dest[2], (u_char) dest[3]);