vfb: use snprintf when writing XWD window name

The window name buffer after XWDFileHeader is fixed at
XWD_WINDOW_NAME_LEN (60 bytes).  sprintf could overflow when
hostname is close to maximum length and combined with the
prefix "Xvfb " + display + screen number.

Switch to snprintf to guarantee we never write beyond the
allocated buffer.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Signed-off-by: Mikhail Dmitrichenko <m.dmitrichenko222@gmail.com>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2172>
Mikhail Dmitrichenko 2026-04-13 12:18:03 +03:00 committed by Marge Bot
parent dd8b8cf49d
commit c017c9ffeb

@ -749,8 +749,8 @@ vfbWriteXWDFileHeader(ScreenPtr pScreen)
hostname[0] = 0;
else
hostname[XWD_WINDOW_NAME_LEN - 1] = 0;
sprintf((char *) (pXWDHeader + 1), "Xvfb %s:%s.%d", hostname, display,
pScreen->myNum);
snprintf((char *) (pXWDHeader + 1), XWD_WINDOW_NAME_LEN, "Xvfb %s:%s.%d",
hostname, display, pScreen->myNum);
/* write colormap pixel slot values */
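Review bot: the return value of the new snprintf call is discarded, so a name that does not fit in XWD_WINDOW_NAME_LEN is now truncated silently, and what gets cut is the tail, the ":%s.%d" display and screen number that tells one Xvfb screen from another. The context line `hostname[XWD_WINDOW_NAME_LEN - 1] = 0;` clamps the hostname to the full buffer size without leaving room for the "Xvfb " prefix or the suffix, so a long hostname alone can push the suffix out. Consider bounding the hostname with a precision in the format (for example `"Xvfb %.*s:%s.%d"` with a width that reserves space for the rest), or at least checking whether the return value is >= XWD_WINDOW_NAME_LEN and logging the truncation. A short comment that the size argument includes the terminating NUL would also help the next reader.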