authorHugo Lefeuvre <hle@debian.org>2018-10-22 16:59:41 +0200
committerHugo Lefeuvre <hle@debian.org>2018-11-01 09:05:26 +0100
commit0bc90e4062a5f9258c91eca018c019b179066c62 (patch)
tree2e1cc6c8732e3787244c47a3a2ab6944cc34ced1 /src/bin/jp3d
parent0e6a5553cfef21b764d289585af2c6934a95456b (diff)
jp3d/jpwl convert: fix write stack buffer overflow
Missing buffer length formatter in fscanf call might lead to write stack buffer overflow. fixes #1044 (CVE-2017-17480)
Diffstat (limited to 'src/bin/jp3d')
-rw-r--r--src/bin/jp3d/convert.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/src/bin/jp3d/convert.c b/src/bin/jp3d/convert.c
index 23fd70b0..acad8f82 100644
--- a/src/bin/jp3d/convert.c
+++ b/src/bin/jp3d/convert.c
@@ -297,8 +297,8 @@ opj_volume_t* pgxtovolume(char *relpath, opj_cparameters_t *parameters)
fprintf(stdout, "[INFO] Loading %s \n", pgxfiles[pos]);
fseek(f, 0, SEEK_SET);
- fscanf(f, "PG%[ \t]%c%c%[ \t+-]%d%[ \t]%d%[ \t]%d", temp, &endian1, &endian2,
- signtmp, &prec, temp, &w, temp, &h);
+ fscanf(f, "PG%31[ \t]%c%c%31[ \t+-]%d%31[ \t]%d%31[ \t]%d", temp, &endian1,
+ &endian2, signtmp, &prec, temp, &w, temp, &h);
i = 0;
sign = '+';
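Review bot: The return value of the new `fscanf` call is still discarded, so a truncated or malformed PGX header can leave some of `endian1`, `endian2`, `signtmp`, `prec`, `w` and `h` unassigned while execution continues into `i = 0; sign = '+';` and whatever follows. The format has nine conversions, so the call should be guarded, for example `if (fscanf(f, "PG%31[ \t]%c%c%31[ \t+-]%d%31[ \t]%d%31[ \t]%d", temp, &endian1, &endian2, signtmp, &prec, temp, &w, temp, &h) != 9) { /* report bad header, close f, fail */ }`. The literal width 31 is only safe if `temp` and `signtmp` hold at least 32 bytes; both are declared outside this hunk, so a comment such as `/* widths below must stay at sizeof(temp) - 1 and sizeof(signtmp) - 1 */` would keep the two from drifting apart. The body of `pgxtovolume` starts and ends outside the hunk, so how it reports failure and releases `f` has to be confirmed there.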