From 88920376ba25bac12f37003c5a810067352e8609 Mon Sep 17 00:00:00 2001 From: Kris De Gussem Date: Sun, 22 Jan 2012 09:33:53 +0100 Subject: cppcheck tells us: scanf without field width limits can crash with huge input data. (bzr r10918) --- src/sp-cursor.cpp | 27 +++++++++++++++++---------- 1 file changed, 17 insertions(+), 10 deletions(-) (limited to 'src/sp-cursor.cpp') diff --git a/src/sp-cursor.cpp b/src/sp-cursor.cpp index eb1e16888..7ccdaadbe 100644 --- a/src/sp-cursor.cpp +++ b/src/sp-cursor.cpp @@ -5,20 +5,21 @@ * Lauris Kaplinski * Jasper van de Gronde * Jon A. Cruz + * Kris De Gussem * * Copyright (C) 1999-2002 authors * Copyright (C) 2001-2002 Ximian, Inc. * Copyright (C) 2010 Jasper van de Gronde * Copyright (C) 2010 Jon A. Cruz + * Copyright (C) 2012 Kris De Gussem * * Released under GNU GPL, read the file 'COPYING' for more information */ -#include #include -#include -#include #include +#include + #include "color.h" #include "sp-cursor.h" @@ -28,7 +29,12 @@ void sp_cursor_bitmap_and_mask_from_xpm(GdkBitmap **bitmap, GdkBitmap **mask, gc int width = 0; int colors = 0; int pix = 0; - sscanf(xpm[0], "%d %d %d %d", &height, &width, &colors, &pix); + std::stringstream ss; + ss << xpm[0]; + ss >> height; + ss >> width; + ss >> colors; + ss >> pix; g_return_if_fail(height == 32); g_return_if_fail(width == 32); @@ -127,12 +133,13 @@ GdkPixbuf *sp_cursor_pixbuf_from_xpm(gchar const *const *xpm, GdkColor const& bl int width = 0; int colors = 0; int pix = 0; - sscanf(xpm[0], "%d %d %d %d", &height, &width, &colors, &pix); - - //g_return_if_fail (height == 32); - //g_return_if_fail (width == 32); - //g_return_if_fail (colors >= 3); - + std::stringstream ss (std::stringstream::in | std::stringstream::out); + ss << xpm[0]; + ss >> height; + ss >> width; + ss >> colors; + ss >> pix; + std::map colorMap; for (int i = 0; i < colors; i++) { -- cgit v1.2.3