[1.5] Fix issue with str_length not being used. Rewrite code to prefer use of vsnprintf to prevent potential buffer overflow.

author: Mathieu Malaterre <mathieu.malaterre@gmail.com> 2012-09-10 09:54:40 +0000
committer: Mathieu Malaterre <mathieu.malaterre@gmail.com> 2012-09-10 09:54:40 +0000
commit: c2f32bb48567d637205b656e9ac1e427e130a21c (patch)
tree: 3f1c062a2357698d1f005adc487019ce0e4d44a3 /libopenjpeg
parent: bba708462db8532d4e8600a87760116dbb6040ff (diff)
1 files changed, 4 insertions, 5 deletions
diff --git a/libopenjpeg/event.c b/libopenjpeg/event.c
index 0dc22f12..38db33a9 100644
--- a/libopenjpeg/event.c
+++ b/libopenjpeg/event.c
@@ -103,18 +103,17 @@ opj_bool opj_event_msg(opj_common_ptr cinfo, int event_type, const char *fmt, ..
 		va_list arg;
 		int str_length/*, i, j*/; /* UniPG */
 		char message[MSG_SIZE];
-		memset(message, 0, MSG_SIZE);
 		/* initialize the optional parameter list */
 		va_start(arg, fmt);
-		/* check the length of the format string */
-		str_length = (strlen(fmt) > MSG_SIZE) ? MSG_SIZE : strlen(fmt);
 		/* parse the format string and put the result in 'message' */
-		vsprintf(message, fmt, arg); /* UniPG */
+		str_length = vsnprintf(message, MSG_SIZE, fmt, arg); /* UniPG */
 		/* deinitialize the optional parameter list */
 		va_end(arg);
 
 		/* output the message to the user program */
-		msg_handler(message, cinfo->client_data);
+    if( str_length > -1 && str_length < MSG_SIZE )
+      msg_handler(message, cinfo->client_data);
+    else return OPJ_FALSE;
 	}
 
 	return OPJ_TRUE;
author	Mathieu Malaterre <mathieu.malaterre@gmail.com>	2012-09-10 09:54:40 +0000
committer	Mathieu Malaterre <mathieu.malaterre@gmail.com>	2012-09-10 09:54:40 +0000
commit	c2f32bb48567d637205b656e9ac1e427e130a21c (patch)
tree	3f1c062a2357698d1f005adc487019ce0e4d44a3 /libopenjpeg
parent	bba708462db8532d4e8600a87760116dbb6040ff (diff)