display: Fix buffer overflow issues in do_labels.c

OSGeo · Jul 12, 2024 · 4cdbcef · 4cdbcef
1 parent d31afbd
commit 4cdbcef
Showing 1 changed file with 7 additions and 7 deletions.
diff --git a/display/d.labels/do_labels.c b/display/d.labels/do_labels.c
@@ -84,7 +84,7 @@ int do_labels(FILE *infile, int do_rotation)
         else if (!strncmp(text, "yof", 3))
             sscanf(text, "%*s %d", &yoffset);
         else if (!strncmp(text, "col", 3)) {
-            sscanf(text, "%*s %s", buff);
+            sscanf(text, "%*s %127s", buff);
             set_RGBA_from_str(&color, buff);
         }
         else if (!strncmp(text, "siz", 3))
@@ -94,15 +94,15 @@ int do_labels(FILE *infile, int do_rotation)
         else if (!strncmp(text, "wid", 3))
             sscanf(text, "%*s %lf", &width);
         else if (!strncmp(text, "bac", 3)) {
-            sscanf(text, "%*s %s", buff);
+            sscanf(text, "%*s %127s", buff);
             set_RGBA_from_str(&background, buff);
         }
         else if (!strncmp(text, "bor", 3)) {
-            sscanf(text, "%*s %s", buff);
+            sscanf(text, "%*s %127s", buff);
             set_RGBA_from_str(&border, buff);
         }
         else if (!strncmp(text, "opa", 3)) {
-            sscanf(text, "%*s %s", buff);
+            sscanf(text, "%*s %127s", buff);
             if (!strncmp(buff, "YES", 3))
                 opaque = YES;
             else
@@ -115,15 +115,15 @@ int do_labels(FILE *infile, int do_rotation)
             }
         }
         else if (!strncmp(text, "fon", 3)) {
-            if (sscanf(text, "%*s %s", font) != 1 || !strcmp(font, "standard"))
+            if (sscanf(text, "%*s %255s", font) != 1 || !strcmp(font, "standard"))
                 strcpy(font, std_font);
         }
         else if (!strncmp(text, "rot", 3)) {
             if (do_rotation)
                 sscanf(text, "%*s %lf", &rotation);
         }
         else if (!strncmp(text, "hco", 3)) {
-            sscanf(text, "%*s %s", buff);
+            sscanf(text, "%*s %127s", buff);
             set_RGBA_from_str(&highlight_color, buff);
         }
         else if (!strncmp(text, "hwi", 3))
@@ -452,7 +452,7 @@ int scan_ref(char *buf)
         if (buf[i] >= 'A' && buf[i] <= 'Z')
             buf[i] += 'a' - 'A';
     xref = yref = CENT;
-    switch (sscanf(buf, "%s%s", word1, word2)) {
+    switch (sscanf(buf, "%49s%49s", word1, word2)) {
     case 2:
         if (!(xmatch(word2) || ymatch(word2)))
             return 0;