Code currently returns a fatal error if it tries to add more entries than the array has room for, but it wasn't checking to make sure the final null terminator entry would fit. Reported by parfait 1.3: Error: Buffer overrun Buffer overflow (CWE 120): In array dereference of files[i] with index i Array size is 256 elements (of 4 bytes each), index >= 0 and index <= 256 at line 250 of fc-glyphname/fc-glyphname.c in function 'main'. Error: Buffer overrun Buffer overflow (CWE 120): In array dereference of entries[i] with index i Array size is 1024 elements (of 8 bytes each), index >= 0 and index <= 1024 at line 298 of fc-lang/fc-lang.c in function 'main'. Signed-off-by: Alan Coopersmith <alan.coopersmith@xxxxxxxxxx> --- fc-glyphname/fc-glyphname.c | 2 +- fc-lang/fc-lang.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/fc-glyphname/fc-glyphname.c b/fc-glyphname/fc-glyphname.c index 8402781..078490a 100644 --- a/fc-glyphname/fc-glyphname.c +++ b/fc-glyphname/fc-glyphname.c @@ -233,7 +233,7 @@ dump (FcGlyphName * const *table, const char *name) int main (int argc FC_UNUSED, char **argv) { - char *files[MAX_GLYPHFILE]; + char *files[MAX_GLYPHFILE + 1]; char line[1024]; FILE *f; int i; diff --git a/fc-lang/fc-lang.c b/fc-lang/fc-lang.c index 0f4217f..38fc697 100644 --- a/fc-lang/fc-lang.c +++ b/fc-lang/fc-lang.c @@ -254,7 +254,7 @@ static int compare (const void *a, const void *b) int main (int argc FC_UNUSED, char **argv) { - static Entry entries[MAX_LANG]; + static Entry entries[MAX_LANG + 1]; static FcCharSet *sets[MAX_LANG]; static int duplicate[MAX_LANG]; static int country[MAX_LANG]; -- 1.7.9.2 _______________________________________________ Fontconfig mailing list Fontconfig@xxxxxxxxxxxxxxxxxxxxx http://lists.freedesktop.org/mailman/listinfo/fontconfig