kimcinoo
/
efl
forked from enlightenment/efl
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

ecore x vsync - be more conservative about DISPLAY string src 

i hope this addresses CID 1229131 - don't trust the DISPLAY var
content much at all - limit it to [a-z][A-Z][0-9][-] only. hopefully
coverity is happier.
This commit is contained in:
Carsten Haitzler 2014-08-13 18:10:58 +09:00
parent 6f0f046b83
commit e430ee9467
2 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/lib/ecore_x/ecore_x_vsync_tool.c
View File

@ -239,7 +239,9 @@ _svr_init(void)
snprintf(buf, sizeof(buf), "ecore-x-vsync-%s", disp);
for (s = buf; *s; s++)
{
if (*s == ':') *s = '=';
if (!(((*s >= 'a') && (*s <= 'z')) ||
((*s >= 'A') && (*s <= 'Z')) ||
((*s >= '0') && (*s <= '9')))) *s = '-';
}
svr = ecore_con_server_add(ECORE_CON_LOCAL_USER, buf, 1, NULL);
if (!svr) exit(0);

4
src/lib/ecore_x/xlib/ecore_x_vsync.c
View File

@ -497,7 +497,9 @@ _glvsync_animator_tick_source_set(void)
snprintf(buf, sizeof(buf), "ecore-x-vsync-%s", disp);
for (s = buf; *s; s++)
{
if (*s == ':') *s = '=';
if (!(((*s >= 'a') && (*s <= 'z')) ||
((*s >= 'A') && (*s <= 'Z')) ||
((*s >= '0') && (*s <= '9')))) *s = '-';
}
vsync_server = ecore_con_server_connect(ECORE_CON_LOCAL_USER, buf, 1, NULL);
if (!vsync_server)