From 8203c79678b4777837ce25b5d1f6fd328d4ef246 Mon Sep 17 00:00:00 2001
From: Tom Hacohen <tom@stosb.com>
Date: Fri, 8 Apr 2016 11:34:53 +0100
Subject: [PATCH] Evas langauge: Prevent potential buffer overflow and clean
 code.

We were copying a user defined string into a fixed size buffer
without doing any boundary checks. This commit fixes that.
Also cleaned up similar code that was using hardcoded numbers.

@fix.
---
 src/lib/evas/common/language/evas_language_utils.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/src/lib/evas/common/language/evas_language_utils.c b/src/lib/evas/common/language/evas_language_utils.c
index f8b38b6abd..ce075a1534 100644
--- a/src/lib/evas/common/language/evas_language_utils.c
+++ b/src/lib/evas/common/language/evas_language_utils.c
@@ -145,8 +145,9 @@ evas_common_language_from_locale_get(void)
    if (locale && *locale)
      {
         char *itr;
-        strncpy(lang, locale, 5);
-        lang[5] = '\0';
+        const size_t size = sizeof(lang);
+        strncpy(lang, locale, size - 1);
+        lang[size - 1] = '\0';
         itr = lang;
         while (*itr)
           {
@@ -171,6 +172,7 @@ evas_common_language_from_locale_full_get(void)
    locale = setlocale(LC_MESSAGES, NULL);
    if (locale && *locale)
      {
+        const size_t size = sizeof(lang_full);
         size_t i;
         for (i = 0 ; locale[i] ; i++)
           {
@@ -178,6 +180,12 @@ evas_common_language_from_locale_full_get(void)
              if ((c == '.') || (c == '@') || (c == ' ')) /* Looks like en_US.UTF8 or de_DE@euro or aa_ER UTF-8*/
                 break;
           }
+
+        if (i >= size)
+          {
+             i = size - 1;
+          }
+
         strncpy(lang_full, locale, i);
         lang_full[i] = '\0';
         return lang_full;