From baf50cec89d10055217a3bb210d389694fb1d389 Mon Sep 17 00:00:00 2001
From: Vincent Sanders <vince@netsurf-browser.org>
Date: Thu, 25 Oct 2012 11:12:41 +0100
Subject: make image content handlers title setting use the heap instead of the
 stack and remove the possibility of buffer overruns

---
 image/bmp.c | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

(limited to 'image/bmp.c')

diff --git a/image/bmp.c b/image/bmp.c
index 5af042d3e..946bca83b 100644
--- a/image/bmp.c
+++ b/image/bmp.c
@@ -132,7 +132,7 @@ static bool nsbmp_convert(struct content *c)
 	uint32_t swidth;
 	const char *data;
 	unsigned long size;
-	char title[512];
+	char *title;
 
 	/* set the bmp data */
 	data = content__get_source_data(c, &size);
@@ -156,15 +156,19 @@ static bool nsbmp_convert(struct content *c)
 	/* Store our content width and description */
 	c->width = bmp->bmp->width;
 	c->height = bmp->bmp->height;
-	LOG(("BMP      width %u       height %u", c->width, c->height));
-	snprintf(title, sizeof(title), messages_get("BMPTitle"),
-			nsurl_access_leaf(llcache_handle_get_url(c->llcache)),
-			c->width, c->height);
-	content__set_title(c, title);
 	swidth = bmp->bmp->bitmap_callbacks.bitmap_get_bpp(bmp->bmp->bitmap) * 
 			bmp->bmp->width;
 	c->size += (swidth * bmp->bmp->height) + 16 + 44;
 
+	/* set title text */
+	title = messages_get_buff("BMPTitle",
+			nsurl_access_leaf(llcache_handle_get_url(c->llcache)),
+			c->width, c->height);
+	if (title != NULL) {
+		content__set_title(c, title);
+		free(title);
+	}
+
 	/* exit as a success */
 	bmp->bitmap = bmp->bmp->bitmap;
 	bitmap_modified(bmp->bitmap);
-- 
cgit v1.2.3