* gtkutil.c (xg_check_special_colors, xg_set_geometry):

Make sprintf buffers a bit bigger, to avoid potential buffer overrun.

2 files changed, 5 insertions, 2 deletions

diff --git a/src/ChangeLog b/src/ChangeLog
index 91bcaebb7bb..adf9bb244b8 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -62,6 +62,9 @@
         use SAFE_ALLOCA.  Use esprintf, not sprintf, in case result does
         not fit in int.
 
+        * gtkutil.c (xg_check_special_colors, xg_set_geometry):
+        Make sprintf buffers a bit bigger, to avoid potential buffer overrun.
+
 2011-08-26  Paul Eggert  <eggert@cs.ucla.edu>
 
         Integer and memory overflow issues (Bug#9196).
diff --git a/src/gtkutil.c b/src/gtkutil.c
index c39119c8151..5f23d597329 100644
--- a/src/gtkutil.c
+++ b/src/gtkutil.c
@@ -567,7 +567,7 @@ xg_check_special_colors (struct frame *f,
     GtkStyleContext *gsty
       = gtk_widget_get_style_context (FRAME_GTK_OUTER_WIDGET (f));
     GdkRGBA col;
-    char buf[64];
+    char buf[sizeof "rgbi://" + 3 * (DBL_MAX_10_EXP + sizeof "-1.000000" - 1)];
     int state = GTK_STATE_FLAG_SELECTED|GTK_STATE_FLAG_FOCUSED;
     if (get_fg)
       gtk_style_context_get_color (gsty, state, &col);
@@ -797,7 +797,7 @@ xg_set_geometry (FRAME_PTR f)
       int xneg = f->size_hint_flags & XNegative;
       int top = f->top_pos;
       int yneg = f->size_hint_flags & YNegative;
-      char geom_str[32];
+      char geom_str[sizeof "=x--" + 4 * INT_STRLEN_BOUND (int)];
 
       if (xneg)
         left = -left;