
enlightenment-0.22.0/src/bin/e_intl.c: unbounded file read ?
Closed, Resolved | Public

Description

[enlightenment-0.22.0/src/bin/e_intl.c:588]: (warning) fscanf() without field width limits can crash with huge input data.

Source code is

char alias[4096], locale[4096];

/* read locale alias lines */
while (fscanf(f, "%4090s %[^\n]\n", alias, locale) == 2)

Suggest limit on locale as well as alias.

[enlightenment-0.22.0/src/bin/e_intl.c:876]: (warning) fscanf() without field width limits can crash with huge input data.

while (fscanf(output, "%[^\n]\n", line) == 1)

Duplicate.
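
One way to apply the limit suggested above to both fields, as an added example that is not part of the original report and is not Enlightenment's code. `read_alias_lines`, `make_sample` and the sample data are hypothetical and constructed for illustration; each `fscanf()` conversion gets a width one less than its 4096-byte buffer, and lines that would have been truncated are skipped rather than accepted.

```c
#include <stdio.h>
#include <string.h>
#define FIELD_MAX 4095            /* buffer size minus the terminating NUL */
#define STR_(x) #x
#define STR(x) STR_(x)
/* Every conversion carries a width, so no field can overrun its buffer. */
#define ALIAS_FMT "%" STR(FIELD_MAX) "s %" STR(FIELD_MAX) "[^\n]"

/* Hypothetical helper: last accepted pair -> alias/locale; returns lines accepted. */
static int read_alias_lines(FILE *f, char *alias, char *locale, int *skipped)
{
    char a[FIELD_MAX + 1], l[FIELD_MAX + 1];
    int accepted = 0, c;
    *skipped = 0;
    while (fscanf(f, ALIAS_FMT, a, l) == 2) {
        /* A full buffer, or bytes left before the newline, means truncation. */
        int too_long = strlen(a) == FIELD_MAX || strlen(l) == FIELD_MAX;
        while ((c = fgetc(f)) != '\n' && c != EOF)
            too_long = 1;
        if (too_long) { (*skipped)++; continue; }
        strcpy(alias, a);
        strcpy(locale, l);
        accepted++;
    }
    return accepted;
}

/* Constructed input: two normal lines around one with a 10000-byte locale. */
static FILE *make_sample(void)
{
    FILE *f = tmpfile();
    if (!f) return NULL;
    fputs("en en_US.UTF-8\nbig ", f);
    for (int i = 0; i < 10000; i++) fputc('A', f);
    fputs("\nde de_DE.UTF-8\n", f);
    rewind(f);
    return f;
}

int main(void)
{
    char alias[FIELD_MAX + 1], locale[FIELD_MAX + 1];
    int skipped = 0;
    FILE *f = make_sample();
    int n = f ? read_alias_lines(f, alias, locale, &skipped) : -1;
    if (f) fclose(f);
    printf("accepted=%d skipped=%d\n", n, skipped);
    return n < 0;
}
```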