From: Chong Yidong <cyd@stupidchicken.com>
Date: Fri, 1 Jan 2010 22:10:50 +0000 (-0500)
Subject: Fix buffer overflow in ns_get_color.
X-Git-Tag: archive/raspbian/1%29.2+1-2+rpi1~1^2~324^2~8818
X-Git-Url: https://dgit.raspbian.org/%22http:/www.example.com/cgi/%22https:/www.github.com/%22bookmarks:///%22http:/www.example.com/cgi/%22https:/www.github.com/%22bookmarks:/?a=commitdiff_plain;h=b78fbc7f07b1a0316332b4f9ee77a36452270b27;p=emacs.git

Fix buffer overflow in ns_get_color.
* nsterm.m (ns_get_color): Fix buffer overflow (Bug#4763).
---

diff --git a/src/ChangeLog b/src/ChangeLog
index 2dc4977f2cc..5b0ad7678d6 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,5 +1,7 @@
 2010-01-01  Chong Yidong  <cyd@stupidchicken.com>
 
+	* nsterm.m (ns_get_color): Fix buffer overflow (Bug#4763).
+
 	* lread.c (syms_of_lread): Make it clearer that these are the
 	names of loaded files (Bug#5068).
 
diff --git a/src/nsterm.m b/src/nsterm.m
index 9256c084e28..2eebbf86643 100644
--- a/src/nsterm.m
+++ b/src/nsterm.m
@@ -1346,7 +1346,8 @@ ns_get_color (const char *name, NSColor **col)
     }
   else if (!strncmp(name, "rgb:", 4))  /* A newer X11 format -- rgb:r/g/b */
     {
-      strcpy(hex, name + 4);
+      strncpy (hex, name + 4, 19);
+      hex[19] = '\0';
       scaling = (strlen(hex) - 2) / 3;
     }
   else if (name[0] == '#')        /* An old X11 format; convert to newer */