Commit db95e20b authored by Mukund Sivaraman's avatar Mukund Sivaraman

imagemap: Don't use strcpy() in unescape_text() (#649172)

strcpy() doesn't like overlapping strings and this causes other failures
in this unescaping code.

Also clean up the code to follow our coding style.
parent bc8a6123
...@@ -38,7 +38,7 @@ ...@@ -38,7 +38,7 @@
extern int csim_lex(void); extern int csim_lex(void);
extern int csim_restart(FILE *csim_in); extern int csim_restart(FILE *csim_in);
static void csim_error(char* s); static void csim_error(char* s);
static gchar* unescape_text(gchar *); static gchar * unescape_text(gchar *input);
static enum {UNDEFINED, RECTANGLE, CIRCLE, POLYGON} current_type; static enum {UNDEFINED, RECTANGLE, CIRCLE, POLYGON} current_type;
static Object_t *current_object; static Object_t *current_object;
...@@ -353,33 +353,44 @@ static gchar* ...@@ -353,33 +353,44 @@ static gchar*
unescape_text (gchar *input) unescape_text (gchar *input)
{ {
/* /*
* We "unescape" simple things "in place", knowing that unescaped strings always are * We "unescape" simple things "in place", knowing that unescaped
* shorter than the original input. * strings always are shorter than the original input.
* *
* It is a shame there is no g_markup_unescape_text() function, but instead you have * It is a shame there is no g_markup_unescape_text() function, but
* to create a full GMarkupParser/Context. * instead you have to create a full GMarkupParser/Context.
*/ */
struct token { struct token {
const char *enc, unenc; const char *escaped;
const char unescaped;
}; };
const struct token tab[] = { const struct token tab[] = {
{ """, '"' }, { """, '"' },
{ "'", '\'' }, { "'", '\'' },
{ "&", '&' }, { "&", '&' },
{ "&lt;", '<' }, { "&lt;", '<' },
{ "&gt;", '>' } { "&gt;", '>' }
}; };
size_t i;
for (i = 0; i < sizeof(tab)/sizeof(tab[0]); i++) { size_t i;
char *p; for (i = 0; i < (sizeof tab / sizeof tab[0]); i++)
for (p = strstr(input, tab[i].enc); p != NULL; p = strstr(p, tab[i].enc)) { {
*p++ = tab[i].unenc; const size_t escaped_len = strlen (tab[i].escaped);
strcpy(p, p + strlen(tab[i].enc)-1); char *p;
if (*p == 0)
break; /* FIXME: The following code does not perform a UTF-8 substring
search. */
for (p = strstr (input, tab[i].escaped);
p != NULL;
p = strstr (p, tab[i].escaped))
{
size_t copy_len;
*p++ = tab[i].unescaped;
copy_len = strlen (p) - escaped_len + 2;
memmove (p, p + escaped_len - 1, copy_len);
if (*p == 0)
break;
}
} }
}
return input; return input;
} }
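Review bot: The table in unescape_text() lists the ampersand entity (shown on this page as `{ "&", '&' }`, apparently with the entity name decoded by the page rendering) before the `&lt;` and `&gt;` entries, so text holding an escaped ampersand followed by `lt;` or `gt;` is unescaped twice and ends up as a bare `<` or `>`. Each entity should be decoded exactly once; moving the ampersand entry to the end of `tab` achieves that, because the inner loop resumes its strstr() search after the byte it has just written. The new memmove() length looks correct, since `strlen (p) - escaped_len + 2` covers the remaining tail plus the terminating NUL. The FIXME about UTF-8 is probably unnecessary: the needles are pure ASCII and ASCII bytes never occur inside a multi-byte UTF-8 sequence, so a comment such as `/* Byte-wise strstr() is fine here: the entities are ASCII. */` would be more accurate.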