Fix buffer overflow in ns_get_color.

* nsterm.m (ns_get_color): Fix buffer overflow (Bug#4763).
author: Chong Yidong 2010-01-01 17:10:50 -0500
committer: Chong Yidong 2010-01-01 17:10:50 -0500
commit: 87231e2cfe2cc4317f8150eba2b94b4f0c676886 (patch)
tree: 09c4e248688f2854fa3941866a101abdf2e39a17 /src
parent: bd0948ca04f23af37c42b2f9beac3b11ea926b8d (diff)
download: emacs-87231e2cfe2cc4317f8150eba2b94b4f0c676886.tar.gz
emacs-87231e2cfe2cc4317f8150eba2b94b4f0c676886.zip
2 files changed, 4 insertions, 1 deletions
diff --git a/src/ChangeLog b/src/ChangeLog
index 73000341f68..d6e7f2c9791 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,5 +1,7 @@
 2010-01-01  Chong Yidong  <cyd@stupidchicken.com>
+        * nsterm.m (ns_get_color): Fix buffer overflow (Bug#4763).
        * lread.c (syms_of_lread): Make it clearer that these are the
        names of loaded files (Bug#5068).
diff --git a/src/nsterm.m b/src/nsterm.m
index 9256c084e28..2eebbf86643 100644
--- a/src/nsterm.m
+++ b/src/nsterm.m
@@ -1346,7 +1346,8 @@ ns_get_color (const char *name, NSColor **col)
    }
  else if (!strncmp(name, "rgb:", 4))  /* A newer X11 format -- rgb:r/g/b */
    {
-      strcpy(hex, name + 4);
+      strncpy (hex, name + 4, 19);
+      hex[19] = '\0';
      scaling = (strlen(hex) - 2) / 3;
    }
  else if (name[0] == '#')        /* An old X11 format; convert to newer */
author	Chong Yidong	2010-01-01 17:10:50 -0500
committer	Chong Yidong	2010-01-01 17:10:50 -0500
commit	87231e2cfe2cc4317f8150eba2b94b4f0c676886 (patch)
tree	09c4e248688f2854fa3941866a101abdf2e39a17 /src
parent	bd0948ca04f23af37c42b2f9beac3b11ea926b8d (diff)
download	emacs-87231e2cfe2cc4317f8150eba2b94b4f0c676886.tar.gz emacs-87231e2cfe2cc4317f8150eba2b94b4f0c676886.zip