From f51e86a184b38bf698d20fe3a8c286ccf6e514b2 Mon Sep 17 00:00:00 2001
From: Pavel Roskin
Date: Mon, 24 Nov 2003 20:27:34 +0000
Subject: [PATCH] * editcmd.c (pipe_mail): Eliminate g_strdup_printf(). (edit_complete_word_cmd): Fix possible buffer overflow.

---
 edit/ChangeLog | 5 +++++
 edit/editcmd.c | 9 ++++-----
 2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/edit/ChangeLog b/edit/ChangeLog
index 5a36ed421..384e8c1f9 100644
--- a/edit/ChangeLog
+++ b/edit/ChangeLog
@@ -1,3 +1,8 @@
+2003-11-24 Andrew V. Samoilov
+
+ * editcmd.c (pipe_mail): Eliminate g_strdup_printf().
+ (edit_complete_word_cmd): Fix possible buffer overflow.
+
 2003-11-03 Andrew V. Samoilov
 
 * editcmd.c (edit_mail_dialog): Trivial clean-up.
diff --git a/edit/editcmd.c b/edit/editcmd.c
index e52cf1728..c6b78e2b1 100644
--- a/edit/editcmd.c
+++ b/edit/editcmd.c
@@ -2528,7 +2528,7 @@ static void pipe_mail (WEdit *edit, char *to, char *subject, char *cc)
 to = name_quote (to, 0);
 subject = name_quote (subject, 0);
 cc = name_quote (cc, 0);
- s = g_strdup_printf ("mail -s %s -c %s %s", subject, cc, to);
+ s = g_strconcat ("mail -s ", subject, *cc ? " -c " : "" , cc, " ", to, NULL);
 g_free (to);
 g_free (subject);
 g_free (cc);
@@ -2792,7 +2792,7 @@ edit_complete_word_cmd (WEdit *edit)
 int word_len = 0, i, num_compl = 0, max_len;
 long word_start = 0;
 char *bufpos;
- char match_expr[MAX_REPL_LEN];
+ char *match_expr;
 struct selection compl[MAX_WORD_COMPLETIONS]; /* completions */
 
 /* don't want to disturb another search */
@@ -2809,9 +2809,7 @@ edit_complete_word_cmd (WEdit *edit)
 /* prepare match expression */
 bufpos = &edit->buffers1[word_start >> S_EDIT_BUF_SIZE]
 [word_start & M_EDIT_BUF_SIZE];
- strncpy (match_expr, bufpos, word_len);
- match_expr[word_len] = '\0';
- strcat (match_expr, "[a-zA-Z_0-9]+");
+ match_expr = g_strdup_printf ("%.*s[a-zA-Z_0-9]+", word_len, bufpos);
 
 /* init search: backward, regexp, whole word, case sensitive */
 edit_set_search_parameters (0, 1, 1, 1, 1);
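Review bot: In pipe_mail the new `g_strconcat` call omits `-c` when `cc` is empty but still emits `-s` unconditionally, so an empty `subject` produces `mail -s  <to>` and the recipient is consumed as the subject argument. Unless the caller (outside this hunk) already rejects an empty subject, guard it the same way: `s = g_strconcat ("mail ", *subject ? "-s " : "", subject, *cc ? " -c " : "", cc, " ", to, NULL);`. The result is presumably handed to a shell, so its safety rests entirely on the three `name_quote` calls above; a comment such as `/* to, subject and cc are shell-quoted by name_quote() above; add no unquoted field */` would protect that invariant from later edits. pipe_mail's body starts and ends outside the hunk.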
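Review bot: In the `g_strdup_printf ("%.*s[a-zA-Z_0-9]+", word_len, bufpos)` call of edit_complete_word_cmd, the precision bounds the read of `bufpos` only if `word_len` is positive and the word lies inside one `buffers1` chunk, and neither is checked in this hunk. `word_len` is an `int`, and a negative precision is treated as absent, so the copy would then run to the next NUL byte. A word that crosses the chunk boundary implied by `word_start & M_EDIT_BUF_SIZE` would also be read past the end of the chunk selected by `word_start >> S_EDIT_BUF_SIZE`. The heap allocation removes the destination overflow that the declaration hunk at -2792 sets up, but the source-side bound still depends on code above this hunk. If that code does not guarantee both conditions, clamp `word_len` to the bytes left in the chunk before formatting, and in either case record the invariant with `/* word_len > 0 and the word does not cross a buffers1 chunk boundary */`.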
@@ -2842,6 +2840,7 @@ edit_complete_word_cmd (WEdit *edit)
 }
 }
 
+ g_free (match_expr);
 /* release memory before return */
 for (i = 0; i < num_compl; i++)
 g_free (compl[i].text);
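Review bot: The added `g_free (match_expr);` sits only on the final cleanup path, so any `return` between the `g_strdup_printf` allocation and this line would now leak the buffer, where the old stack array needed no release. The lines between the allocation hunk and this one are not visible here, so this needs checking against the full function. If such an exit exists, route it through this cleanup or free before returning. Placing the new call under the existing comment, so that `/* release memory before return */` covers both frees, would also make clear that `match_expr` belongs to the same cleanup step.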