From 8ffe8af9da03cffe8a57cb9c7878d19b8ea8d14c Mon Sep 17 00:00:00 2001
From: matthieu
Date: Sat, 3 Jan 2015 16:13:16 +0000
Subject: [PATCH] Fix buffer overflow in copying PS name As reported on the fontconfig mailing list by Tanel Liiv. Found using American Fuzzy Lop. Upstream patch adapted to use strlcpy().
---
 dist/fontconfig/src/fcfreetype.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dist/fontconfig/src/fcfreetype.c b/dist/fontconfig/src/fcfreetype.c
index d271d69e2..4b2d1d188 100644
--- a/dist/fontconfig/src/fcfreetype.c
+++ b/dist/fontconfig/src/fcfreetype.c
@@ -1391,7 +1391,7 @@ FcFreeTypeQueryFace (const FT_Face face,
 } else {
- strcpy (psname, tmp);
+ strlcpy (psname, tmp, sizeof(psname));
 } if (!FcPatternAddString (pat, FC_POSTSCRIPT_NAME, (const FcChar8 *)psname)) goto bail1;
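Review bot: The new `strlcpy (psname, tmp, sizeof(psname));` discards its return value, so an over-long PostScript name from the font is silently truncated and the shortened string is then stored under FC_POSTSCRIPT_NAME. If a truncated name should not be recorded, compare the result with the buffer size, e.g. `if (strlcpy (psname, tmp, sizeof(psname)) >= sizeof(psname)) goto bail1;`. If truncation is intended, say so in a comment such as `/* font-supplied name: truncate rather than overflow psname */`. The bound is only correct if `psname` is an array in this scope rather than a pointer. Its declaration lies outside the hunk, so that is worth confirming.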