From fb92dea72cea64e32743dffdcc3a382e64153935 Mon Sep 17 00:00:00 2001
From: Kurt Schwehr
Date: Tue, 29 May 2018 22:33:36 -0700
Subject: Ensure that operations are less than MAX_OPERATION long.

Buffer overflow found with autofuzz.
---
 src/gie.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
(limited to 'src')
diff --git a/src/gie.c b/src/gie.c
index d5c5ee8b..6cd9f05e 100644
--- a/src/gie.c
+++ b/src/gie.c
@@ -170,8 +170,10 @@ static const char *err_const_from_errno (int err);
 #define SKIP -1
+#define MAX_OPERATION 10000
+
 typedef struct {
- char operation[10000];
+ char operation[MAX_OPERATION+1];
 PJ *P;
 PJ_COORD a, b, c, e;
 PJ_DIRECTION dir;
@@ -552,7 +554,8 @@ either a conversion or a transformation)
 T.operation_lineno = F->lineno;
- strcpy (&(T.operation[0]), F->args);
+ strncpy (&(T.operation[0]), F->args, MAX_OPERATION);
+ T.operation[MAX_OPERATION] = '\0';
 if (T.verbosity > 1) {
 finish_previous_operation (F->args);
-- 
cgit v1.2.3
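Review bot: `#define MAX_OPERATION 10000` is added without saying whether it counts the terminator, and the `+1` on `char operation[MAX_OPERATION+1];` is the only hint that it is the maximum string length rather than the buffer size. A one-line comment on the define would keep the two in step for the next maintainer, e.g. `#define MAX_OPERATION 10000 /* longest operation string accepted; operation[] holds one extra byte for the NUL */`. The struct definition continues past the end of the hunk.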
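Review bot: The replacement `strncpy (&(T.operation[0]), F->args, MAX_OPERATION);` removes the overflow but silently truncates an operation string longer than MAX_OPERATION, so an oversized or malformed test definition becomes a shorter string that may still parse, and the test then runs against an operation the author did not write. Since the fuzzer-found input is exactly this case, it seems preferable to detect and report it rather than copy a prefix: `if (strlen (F->args) > MAX_OPERATION) { /* TODO: report the over-long operation through the harness's error path and skip it */ }` before the copy, or `snprintf (T.operation, sizeof T.operation, "%s", F->args)` with its return value checked against `sizeof T.operation`. Note also that strncpy zero-fills the remainder of the 10001-byte buffer on every call, harmless here but one more reason snprintf is usually preferred. With the copy as written the accepted maximum is exactly MAX_OPERATION characters, not "less than" as the subject says. The enclosing function starts and ends outside the hunk.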