python-pillow/Pillow
1
1
Fork 0
mirror of https://github.com/python-pillow/Pillow.git synced 2024-12-28 10:56:18 +03:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #5567 from radarhere/sprintf

Browse Source 
Limit sprintf modes to 10 characters
This commit is contained in:
Andrew Murray 2021-07-01 12:57:13 +10:00 committed by GitHub
commit 31c473898c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
src/libImaging/Convert.c
View File

@ -1594,9 +1594,8 @@ convert(
#ifdef notdef #ifdef notdef
return (Imaging)ImagingError_ValueError("conversion not supported"); return (Imaging)ImagingError_ValueError("conversion not supported");
#else #else
static char buf[256]; static char buf[100];
/* FIXME: may overflow if mode is too large */ snprintf(buf, 100, "conversion from %.10s to %.10s not supported", imIn->mode, mode);
sprintf(buf, "conversion from %s to %s not supported", imIn->mode, mode);
return (Imaging)ImagingError_ValueError(buf); return (Imaging)ImagingError_ValueError(buf);
#endif #endif
} }
@ -1645,11 +1644,11 @@ ImagingConvertTransparent(Imaging imIn, const char *mode, int r, int g, int b) {
} }
#else #else
{ {
static char buf[256]; static char buf[100];
/* FIXME: may overflow if mode is too large */ snprintf(
sprintf(
buf, buf,
"conversion from %s to %s not supported in convert_transparent", 100,
"conversion from %.10s to %.10s not supported in convert_transparent",
imIn->mode, imIn->mode,
mode); mode);
return (Imaging)ImagingError_ValueError(buf); return (Imaging)ImagingError_ValueError(buf);