It is necessary to prevent buffer overflow by limiting the maximum string length. Found with the SVACE static analysis tool.
---
V1 -> V2: use "%36s[^:]" instead of calculating the string length
 src/settings.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/settings.c b/src/settings.c
index 643a083db..371649395 100644
--- a/src/settings.c
+++ b/src/settings.c
@@ -232,7 +232,7 @@ static int gatt_db_load(struct gatt_db *db, GKeyFile *key_file, char **keys)
 value = g_key_file_get_string(key_file, "Attributes", *handle, NULL);
- if (!value || sscanf(value, "%[^:]:", type) != 1) {
+ if (!value || sscanf(value, "%36[^:]:", type) != 1) {
 g_free(value);
 return -EIO;
 }
@@ -255,7 +255,7 @@ static int gatt_db_load(struct gatt_db *db, GKeyFile *key_file, char **keys)
 value = g_key_file_get_string(key_file, "Attributes", *handle, NULL);
- if (!value || sscanf(value, "%[^:]:", type) != 1) {
+ if (!value || sscanf(value, "%36[^:]:", type) != 1) {
 g_free(value);
 return -EIO;
 }
-- 2.34.1
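Review bot: In both hunks the `!= 1` check still passes when the field before the colon is longer than 36 characters, so an over-long entry is truncated rather than rejected with -EIO. `%36[^:]` stores the first 36 characters and sscanf counts that assignment before the literal `:` fails to match; how the truncated `type` is handled afterwards is not visible here. If over-long entries should be refused, record that the colon was consumed, for example `int n = 0;` followed by `if (!value || sscanf(value, "%36[^:]:%n", type, &n) != 1 || n == 0) {`. The width 36 is also only safe while `type`, declared outside both hunks, holds at least 37 bytes; a comment at the format string such as `/* width must stay sizeof(type) - 1 */` would keep the two tied together. gatt_db_load begins and ends outside the hunks.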