evas: fix for sscanf use with save flags input.

Summary:
As 'flags' can be supplied by the application, in case the application is supplying
a big string (error case), it can cause a crash in some versions of glibc.

Setting maximum possible input (0x64) length as width specifier

Fix for static code analyzer warnings
- scanf without field width limits can crash with huge input data on some versions of libc

Signed-off-by: Godly T.Alias <godlytalias@yahoo.co.in>

Test Plan: Run SonarQube

Reviewers: cedric, raster, Princekrdubey, rajeshps

Reviewed By: cedric

Subscribers: jpeg

Differential Revision: https://phab.enlightenment.org/D5266

Signed-off-by: Cedric BAIL <cedric@osg.samsung.com>
Godly T.Alias 2017-10-06 09:48:28 -07:00 committed by Cedric BAIL
parent bc2fe6bb77
commit 10f26f143a
1 changed files with 2 additions and 2 deletions

@ -900,8 +900,8 @@ _efl_canvas_image_internal_efl_file_save(const Eo *eo_obj, Evas_Image_Data *o, c
{
pp = strchr(p, ' ');
if (pp) *pp = 0;
sscanf(p, "quality=%i", &quality);
sscanf(p, "compress=%i", &compress);
sscanf(p, "quality=%4i", &quality);
sscanf(p, "compress=%4i", &compress);
sscanf(p, "encoding=%ms", &encoding);
if (pp) p = pp + 1;
else break;
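
Review bot: The `%4i` width on the `quality=` and `compress=` lines bounds how much sscanf reads, but an over-long value is truncated silently instead of being rejected: `quality=10000` is parsed as 1000, and because `%i` also accepts octal and hex prefixes, `quality=00100` is read as octal `0010`, that is 8. The return value of each sscanf is not checked in these lines and no range check on `quality` or `compress` is visible in the hunk, so consider parsing the text after `=` with strtol, checking the end pointer and errno, and rejecting out-of-range values. Separately, `sscanf(p, "encoding=%ms", &encoding);` is left without a width, so it still allocates in proportion to the token length, and since it runs once per space-separated token, a flags string with two `encoding=` entries overwrites the first allocation without freeing it; a bounded buffer, or a free before each assignment, would close both.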