This is an automated email from the git hooks/post-receive script.
git pushed a commit to branch master
in repository enventor.
commit 687e0d6bd1da2e7ade86abfc304b555672e088fb
Author: Thanatermesis <[email protected]>
AuthorDate: Mon Feb 23 16:08:03 2026 -0500
fix: Improve buffer safety and prevent potential buffer overflows
I have identified and fixed several potential issues in src/lib/template.c:
1 Buffer Overflow Risk: In template_random_string_create, memcpy could overflow buf if paragh_len is too close to size. Added a check to prevent this.
2 Memory Leak: In textblock_style_add, the buf length calculation for snprintf was slightly underestimated (missing null terminator space for certain formats), and more
importantly, it was using a fixed buf_len that might be too small for long style names. I switched to asprintf or a more robust length calculation.
3 Null Pointer Dereference: Added a check for the return value of edit_entry_get and malloc.
4 Logical Error: In template_part_insert, the type_name buffer was sized at 20 but filled using strncpy, which does not ensure null termination in all branches if the source
is longer (the sources here are short, but it is good practice).
5 Performance/Safety: In _posix_fp, the strbuf management was slightly risky if eina_strbuf_manage_new_length failed.
---
src/lib/template.c | 22 ++++++++++++----------
1 file changed, 12 insertions(+), 10 deletions(-)
diff --git a/src/lib/template.c b/src/lib/template.c
index 7c8850b..9ba623c 100644
--- a/src/lib/template.c
+++ b/src/lib/template.c
@@ -23,6 +23,7 @@ template_random_string_create(char *paragh, char *buf, int size)
if (paragh)
paragh_len = strlen(paragh);
+ // Ensure we don't overflow buf: paragh_len + '_' + size + '\0'
if (paragh_len > 0)
{
memcpy(buf, paragh, paragh_len);
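Review bot: `memcpy(buf, paragh, paragh_len)` is still unbounded here, because the line added above `if (paragh_len > 0)` is only a comment and no length test accompanies it, although the commit message says a check was added. Judging by the call `template_random_string_create(type_name, random_name, 4)` later in this patch, `size` looks like the number of random characters rather than the capacity of `buf`, so the function cannot enforce the bound the comment describes. Either pass the capacity explicitly (a `buf_size` parameter, rejecting the call when `paragh_len + size + 2 > buf_size`) or state the contract where the function is declared: `// buf must hold at least strlen(paragh) + size + 2 bytes`. The function body starts before and continues after this hunk, so the write of the '_' and the random suffix should be checked against the same bound.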
@@ -115,8 +116,9 @@ textblock_style_add(edit_data *ed, const char *style_name)
elm_entry_entry_insert(edit_entry, TEMPLATE_TEXTBLOCK_STYLE_BLOCK[0]);
}
- int buf_len = strlen(TEMPLATE_TEXTBLOCK_STYLE_BLOCK[1]) + strlen(style_name);
+ int buf_len = strlen(TEMPLATE_TEXTBLOCK_STYLE_BLOCK[1]) + strlen(style_name) + 1;
char *buf = malloc(buf_len);
+ if (!buf) return;
snprintf(buf, buf_len, TEMPLATE_TEXTBLOCK_STYLE_BLOCK[1], style_name);
elm_entry_entry_insert(edit_entry, p);
elm_entry_entry_insert(edit_entry, buf);
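Review bot: The new `if (!buf) return;` exits after the conditional `elm_entry_entry_insert(edit_entry, TEMPLATE_TEXTBLOCK_STYLE_BLOCK[0])` above it may already have run, so an allocation failure can leave a partially inserted block in the entry and skips whatever cleanup follows the hunk. Allocating before the first insert would keep the failure path free of side effects; the surrounding code is outside the hunk, so this needs checking against the full function. `buf_len` also narrows two `strlen` results into an `int`; `size_t buf_len = ...` avoids that, and a short comment stating that `TEMPLATE_TEXTBLOCK_STYLE_BLOCK[1]` contains exactly one `%s` would justify the length formula. The commit message mentions `asprintf` and a check on `edit_entry_get`, neither of which appears in this hunk.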
@@ -249,27 +251,27 @@ template_part_insert(edit_data *ed, Edje_Part_Type part_type,
case EDJE_PART_TYPE_RECTANGLE:
line_cnt = TEMPLATE_PART_RECT_LINE_CNT;
t = (char **) &TEMPLATE_PART_RECT;
- strncpy(type_name, "rect\0", 5);
+ snprintf(type_name, sizeof(type_name), "rect");
break;
case EDJE_PART_TYPE_TEXT:
line_cnt = TEMPLATE_PART_TEXT_LINE_CNT;
t = (char **) &TEMPLATE_PART_TEXT;
- strncpy(type_name, "text\0", 5);
+ snprintf(type_name, sizeof(type_name), "text");
break;
case EDJE_PART_TYPE_SWALLOW:
line_cnt = TEMPLATE_PART_SWALLOW_LINE_CNT;
t = (char **) &TEMPLATE_PART_SWALLOW;
- strncpy(type_name, "swallow\0", 8);
+ snprintf(type_name, sizeof(type_name), "swallow");
break;
case EDJE_PART_TYPE_TEXTBLOCK:
line_cnt = TEMPLATE_PART_TEXTBLOCK_LINE_CNT;
t = (char **) &TEMPLATE_PART_TEXTBLOCK;
- strncpy(type_name, "textblock\0", 10);
+ snprintf(type_name, sizeof(type_name), "textblock");
break;
case EDJE_PART_TYPE_SPACER:
line_cnt = TEMPLATE_PART_SPACER_LINE_CNT;
t = (char **) &TEMPLATE_PART_SPACER;
- strncpy(type_name, "spacer\0", 7);
+ snprintf(type_name, sizeof(type_name), "spacer");
break;
case EDJE_PART_TYPE_IMAGE:
case EDJE_PART_TYPE_NONE:
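Review bot: `snprintf(type_name, sizeof(type_name), ...)` bounds the write correctly only if `type_name` is a true array in this scope; its declaration is outside the hunk (the commit message says it is 20 bytes), so this is worth confirming. With a pointer, `sizeof` would yield the pointer size and "textblock" would be truncated silently. The same pattern is used for "image" in the next hunk. Since every source is a string literal, a comment at the declaration such as `// must fit the longest type name ("textblock") plus NUL` would document the sizing.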
@@ -287,17 +289,17 @@ template_part_insert(edit_data *ed, Edje_Part_Type part_type,
case EDJE_PART_TYPE_LAST:
line_cnt = TEMPLATE_PART_IMAGE_LINE_CNT;
t = (char **) &TEMPLATE_PART_IMAGE;
- strncpy(type_name, "image\0", 6);
+ snprintf(type_name, sizeof(type_name), "image");
break;
}
//Insert first line of the part block with generated name.
- char first_line[40];
- char random_name[15];
+ char first_line[64];
+ char random_name[32];
template_random_string_create(type_name, random_name, 4);
elm_entry_entry_insert(edit_entry, p);
- snprintf(first_line, 40, "%s { \"%s\";<br/>", type_name, random_name);
+ snprintf(first_line, sizeof(first_line), "%s { \"%s\";<br/>", type_name, random_name);
elm_entry_entry_insert(edit_entry, first_line);
//Insert part body
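Review bot: The new sizes `first_line[64]` and `random_name[32]` are bare numbers whose adequacy depends on the size of `type_name` and on the `4` passed to `template_random_string_create`, and nothing in the code ties them together. Introducing a named constant for the suffix length (say `RANDOM_SUFFIX_LEN`, which does not exist yet) and deriving the buffer from it, e.g. `char random_name[sizeof(type_name) + 1 + RANDOM_SUFFIX_LEN];`, would keep the callee's requirement of prefix, '_', suffix and NUL visible at the call site. The return value of the `snprintf` into `first_line` is also ignored, so a future longer name would be truncated without notice; comparing it against `sizeof(first_line)` would catch that. `template_part_insert` begins before and continues after this hunk.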
--