~ubuntu-branches/ubuntu/utopic/gimp/utopic


Viewing changes to plug-ins/lighting/lighting-ui.c

  • Committer: Package Import Robot
  • Author(s): Marc Deslauriers
  • Date: 2011-04-07 10:40:22 UTC
  • Revision ID: package-import@ubuntu.com-20110407104022-ka90cx60lwrf9ro7
Tags: 2.6.11-1ubuntu6
* SECURITY UPDATE: denial of service and possible code execution via
  malformed plugin configuration files
  - debian/patches/05_CVE-2010-454x.patch: fix format strings in
    plug-ins/{common/sphere-designer,gfig/gfig-style,
    lighting/lighting-ui}.c.
  - CVE-2010-4540
  - CVE-2010-4541
  - CVE-2010-4542
* SECURITY UPDATE: denial of service and possible code execution via
  malformed PSP image file
  - debian/patches/06_CVE-2010-4543.patch: fix buffer overflow in
    plug-ins/common/file-psp.c.
  - CVE-2010-4543

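--- a/plug-ins/lighting/lighting-ui.c
+++ b/plug-ins/lighting/lighting-ui.c
@@ -1342,6 +1342,7 @@
   gchar          buffer3[G_ASCII_DTOSTR_BUF_SIZE];
   gchar          type_label[21];
   gchar         *endptr;
+  gchar          fmt_str[32];
 
   if (response_id == GTK_RESPONSE_OK)
     {
@@ -1381,23 +1382,41 @@
                   return;
                 }
 
-              fscanf (fp, " Position: %s %s %s", buffer1, buffer2, buffer3);
+              snprintf (fmt_str, sizeof (fmt_str),
+                        " Position: %%%lds %%%lds %%%lds",
+                        sizeof (buffer1) - 1,
+                        sizeof (buffer2) - 1,
+                        sizeof (buffer3) - 1);
+              fscanf (fp, fmt_str, buffer1, buffer2, buffer3);
               source->position.x = g_ascii_strtod (buffer1, &endptr);
               source->position.y = g_ascii_strtod (buffer2, &endptr);
               source->position.z = g_ascii_strtod (buffer3, &endptr);
 
-              fscanf (fp, " Direction: %s %s %s", buffer1, buffer2, buffer3);
+              snprintf (fmt_str, sizeof (fmt_str),
+                        " Direction: %%%lds %%%lds %%%lds",
+                        sizeof (buffer1) - 1,
+                        sizeof (buffer2) - 1,
+                        sizeof (buffer3) - 1);
+              fscanf (fp, fmt_str, buffer1, buffer2, buffer3);
               source->direction.x = g_ascii_strtod (buffer1, &endptr);
               source->direction.y = g_ascii_strtod (buffer2, &endptr);
               source->direction.z = g_ascii_strtod (buffer3, &endptr);
 
-              fscanf (fp, " Color: %s %s %s", buffer1, buffer2, buffer3);
+              snprintf (fmt_str, sizeof (fmt_str),
+                        " Color: %%%lds %%%lds %%%lds",
+                        sizeof (buffer1) - 1,
+                        sizeof (buffer2) - 1,
+                        sizeof (buffer3) - 1);
+              fscanf (fp, fmt_str, buffer1, buffer2, buffer3);
               source->color.r = g_ascii_strtod (buffer1, &endptr);
               source->color.g = g_ascii_strtod (buffer2, &endptr);
               source->color.b = g_ascii_strtod (buffer3, &endptr);
               source->color.a = 1.0;
 
-              fscanf (fp, " Intensity: %s", buffer1);
+              snprintf (fmt_str, sizeof (fmt_str),
+                        " Intensity: %%%lds",
+                        sizeof (buffer1) - 1);
+              fscanf (fp, fmt_str, buffer1);
               source->intensity = g_ascii_strtod (buffer1, &endptr);
 
             }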
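Review bot: The four rewritten `fscanf (fp, fmt_str, ...)` calls (new lines 1390, 1400, 1410 and 1419) still discard the return value, so a preset file that is truncated or missing a field leaves `buffer1`..`buffer3` holding stale or, on the first pass, apparently uninitialized bytes that `g_ascii_strtod` then parses. The field width now bounds the write, but each call should also compare the conversion count, e.g. `if (fscanf (fp, fmt_str, buffer1, buffer2, buffer3) != 3)`, and take an error exit. The function begins and ends outside the hunk, so the cleanup that exit needs (the earlier `return;` branch suggests one exists) has to be confirmed there. Separately, the `snprintf` calls pass `sizeof (bufferN) - 1`, a `size_t`, to `%ld`, which is mismatched wherever `long` is narrower than `size_t`; `" Position: %%%" G_GSIZE_FORMAT "s ..."` or an explicit `(long)` cast makes the width argument well-defined.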