SLFO-pool/gnuplot
SHA256
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
gnuplot/fix4bug1240327.patch

85 lines
3.7 KiB
Diff
Raw Permalink Blame History

commit b78cc829a18e9436daaa859c96f3970157f3171e
Author: Ethan A Merritt <merritt@u.washington.edu>
Date: Tue Jan 14 21:23:19 2025 -0800
use snprintf to protect against garbage user-supplied mouse format
Bug 2754
diff --git src/mouse.c src/mouse.c
index 4d1362130..95266738b 100644
--- src/mouse.c
+++ src/mouse.c
@@ -270,7 +270,7 @@ static void alert(void);
static void MousePosToGraphPosReal(int xx, int yy, double *x, double *y, double *x2, double *y2);
static char *xy_format(void);
static char *zoombox_format(void);
-static char *GetAnnotateString(char *s, double x, double y, int mode, char *fmt);
+static char *GetAnnotateString(char *s, size_t len, double x, double y, int mode, char *fmt);
static char *xDateTimeFormat(double x, char *b, int mode);
static void GetRulerString(char *p, double x, double y);
static void apply_zoom(struct t_zoom * z);
@@ -524,7 +524,7 @@ zoombox_format()
/* formats the information for an annotation (middle mouse button clicked)
*/
static char *
-GetAnnotateString(char *s, double x, double y, int mode, char *fmt)
+GetAnnotateString(char *s, size_t len, double x, double y, int mode, char *fmt)
{
if (axis_array[FIRST_X_AXIS].datatype == DT_DMS
|| axis_array[FIRST_Y_AXIS].datatype == DT_DMS) {
@@ -579,11 +579,11 @@ GetAnnotateString(char *s, double x, double y, int mode, char *fmt)
r = rmin + x/cos(phi);
if (fmt)
- sprintf(s, fmt, theta, r);
+ snprintf(s, len, fmt, theta, r);
else
sprintf(s, "theta: %.1f%s r: %g", theta, degree_sign, r);
} else if ((mode == MOUSE_COORDINATES_ALT) && fmt) {
- sprintf(s, fmt, x, y); /* user defined format */
+ snprintf(s, len, fmt, x, y); /* user defined format */
} else if (mode == MOUSE_COORDINATES_FUNCTION) {
/* EXPERIMENTAL !!! */
t_value original_x, original_y;
@@ -606,7 +606,7 @@ GetAnnotateString(char *s, double x, double y, int mode, char *fmt)
gpfree_string(&readout);
} else {
/* Default format ("set mouse mouseformat" is not active) */
- sprintf(s, xy_format(), x, y); /* usual x,y values */
+ snprintf(s, len, xy_format(), x, y); /* usual x,y values */
}
return s + strlen(s);
}
@@ -1020,10 +1020,10 @@ UpdateStatuslineWithMouseSetting(mouse_setting_t * ms)
strcat(format, ms->fmt);
strcat(format, ", ");
strcat(format, ms->fmt);
- sprintf(s0, format, surface_rot_x, surface_rot_z, surface_scale, surface_zscale);
+ snprintf(s0, 255, format, surface_rot_x, surface_rot_z, surface_scale, surface_zscale);
} else if (!TICS_ON(axis_array[SECOND_X_AXIS].ticmode) && !TICS_ON(axis_array[SECOND_Y_AXIS].ticmode)) {
/* only first X and Y axis are in use */
- sp = GetAnnotateString(s0, real_x, real_y, mouse_mode, mouse_alt_string);
+ sp = GetAnnotateString(s0, 255, real_x, real_y, mouse_mode, mouse_alt_string);
if (ruler.on)
GetRulerString(sp, real_x, real_y);
} else {
@@ -2286,7 +2286,7 @@ event_buttonrelease(struct gp_event_t *ge)
* only place, if the user didn't drag (rotate) the plot */
if (!is_3d_plot || !motion) {
- GetAnnotateString(s0, real_x, real_y, mouse_mode, mouse_alt_string);
+ GetAnnotateString(s0, 255, real_x, real_y, mouse_mode, mouse_alt_string);
term->set_clipboard(s0);
if (display_ipc_commands()) {
fprintf(stderr, "put `%s' to clipboard.\n", s0);
@@ -2302,7 +2302,7 @@ event_buttonrelease(struct gp_event_t *ge)
/* draw temporary annotation or label. For 3d plots this is
* only done if the user didn't drag (scale) the plot */
if (!is_3d_plot || !motion) {
- GetAnnotateString(s0, real_x, real_y, mouse_mode, mouse_alt_string);
+ GetAnnotateString(s0, 255, real_x, real_y, mouse_mode, mouse_alt_string);
if (mouse_setting.label) {
if (modifier_mask & Mod_Ctrl) {
remove_label(mouse_x, mouse_y);
Reference in New Issue View Git Blame Copy Permalink