d.labels: Fix buffer overflow issues in do_labels.c

display/d.labels/do_labels.c

@@ -7,18 +7,22 @@
 #include <grass/glocale.h>
 #include "local_proto.h"
 
-#define NL    012
-#define TAB   011
-#define BACK  0134
-#define MTEXT 1024
-
-#define TOP   0
-#define CENT  1
-#define BOT   2
-#define LEFT  0
-#define RITE  2
-#define YES   1
-#define NO    0
+#define NL       012
+#define TAB      011
+#define BACK     0134
+#define MTEXT    1024
+
+#define TOP      0
+#define CENT     1
+#define BOT      2
+#define LEFT     0
+#define RITE     2
+#define YES      1
+#define NO       0
+
+#define BUFFSIZE 128
+#define FONTSIZE 256
+#define WORDSIZE 50
 
 static double east;
 static double north;
@@ -33,9 +37,13 @@ static int highlight_width;
 static int opaque;
 static double width, rotation;
 static char text[MTEXT];
-static char font[256];
+static char font[FONTSIZE];
 static const char *std_font;
 
+static char buff_fmt[10];
+static char font_fmt[10];
+static char word_fmt[10];
+
 static int ymatch(char *);
 static int xmatch(char *);
 
@@ -67,7 +75,11 @@ int initialize_options(void)
 
 int do_labels(FILE *infile, int do_rotation)
 {
-    char buff[128];
+    char buff[BUFFSIZE];
+
+    snprintf(buff_fmt, sizeof(buff_fmt), "%%*s %%%ds", BUFFSIZE - 1);
+    snprintf(font_fmt, sizeof(font_fmt), "%%*s %%%ds", FONTSIZE - 1);
+    snprintf(word_fmt, sizeof(word_fmt), "%%%ds %%%ds", WORDSIZE - 1, WORDSIZE - 1);
 
     initialize_options();
 
@@ -84,7 +96,7 @@ int do_labels(FILE *infile, int do_rotation)
         else if (!strncmp(text, "yof", 3))
             sscanf(text, "%*s %d", &yoffset);
         else if (!strncmp(text, "col", 3)) {
-            sscanf(text, "%*s %s", buff);
+            sscanf(text, buff_fmt, buff);
             set_RGBA_from_str(&color, buff);
         }
         else if (!strncmp(text, "siz", 3))
@@ -94,15 +106,15 @@ int do_labels(FILE *infile, int do_rotation)
         else if (!strncmp(text, "wid", 3))
             sscanf(text, "%*s %lf", &width);
         else if (!strncmp(text, "bac", 3)) {
-            sscanf(text, "%*s %s", buff);
+            sscanf(text, buff_fmt, buff);
             set_RGBA_from_str(&background, buff);
         }
         else if (!strncmp(text, "bor", 3)) {
-            sscanf(text, "%*s %s", buff);
+            sscanf(text, buff_fmt, buff);
             set_RGBA_from_str(&border, buff);
         }
         else if (!strncmp(text, "opa", 3)) {
-            sscanf(text, "%*s %s", buff);
+            sscanf(text, buff_fmt, buff);
             if (!strncmp(buff, "YES", 3))
                 opaque = YES;
             else
@@ -115,15 +127,16 @@ int do_labels(FILE *infile, int do_rotation)
             }
         }
         else if (!strncmp(text, "fon", 3)) {
-            if (sscanf(text, "%*s %s", font) != 1 || !strcmp(font, "standard"))
+            if (sscanf(text, font_fmt, font) != 1 || !strcmp(font, "standard"))
+
                 strcpy(font, std_font);
         }
         else if (!strncmp(text, "rot", 3)) {
             if (do_rotation)
                 sscanf(text, "%*s %lf", &rotation);
         }
         else if (!strncmp(text, "hco", 3)) {
-            sscanf(text, "%*s %s", buff);
+            sscanf(text, buff_fmt, buff);
             set_RGBA_from_str(&highlight_color, buff);
         }
         else if (!strncmp(text, "hwi", 3))
@@ -452,7 +465,8 @@ int scan_ref(char *buf)
         if (buf[i] >= 'A' && buf[i] <= 'Z')
             buf[i] += 'a' - 'A';
     xref = yref = CENT;
-    switch (sscanf(buf, "%s%s", word1, word2)) {
+
+    switch (sscanf(buf, word_fmt, word1, word2)) {
     case 2:
         if (!(xmatch(word2) || ymatch(word2)))
             return 0;
@@ -461,6 +475,7 @@ int scan_ref(char *buf)
         if (xmatch(word1) || ymatch(word1))
             return 1;
         FALLTHROUGH;
+    case EOF:
     default:
         return 0;
     }