Attachment 306797 Details for Bug 448541 – Patch

[patch] Patch

CVE-2008-1109.patch (text/plain), 1.41 KB, created by Matthew Barnes on 2008-05-27 16:55:45 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Matthew Barnes

Created: 2008-05-27 16:55:45 UTC

Size: 1.41 KB

patch

obsolete

>Index: calendar/gui/itip-utils.c
>===================================================================
>--- calendar/gui/itip-utils.c	(revision 35555)
>+++ calendar/gui/itip-utils.c	(working copy)
>@@ -172,50 +172,16 @@ get_attendee_if_attendee_sentby_is_user 
> }
> 
> static char *
>-html_new_lines_for (char *string)
>+html_new_lines_for (const char *string)
> {
>-	char *html_string = (char *) malloc (sizeof (char)* (3500));
>-	int length = strlen (string);
>-	int index = 0;
>-	char *index_ptr = string;
>-	char *temp = string;
>+	gchar **lines;
>+	gchar *joined;
> 
>-	/*Find the first occurence*/
>-	index_ptr = strstr ((const char *)temp, "\n");
>+	lines = g_strsplit_set (string, "\n", -1);
>+	joined = g_strjoinv ("<br>", lines);
>+	g_strfreev (lines);
> 
>-	/*Doesn't occur*/
>-	if (index_ptr == NULL) {
>-		strcpy (html_string, (const char *)string);
>-		html_string[length] = '\0';
>-		return html_string;
>-	}
>-
>-	/*Split into chunks inserting <br> for \n */
>-	do{
>-		while (temp != index_ptr){
>-			html_string[index++] = *temp;
>-			temp++;
>-		}
>-		temp++;
>-
>-		html_string[index++] = '<';
>-		html_string[index++] = 'b';
>-		html_string[index++] = 'r';
>-		html_string[index++] = '>';
>-
>-		index_ptr = strstr ((const char *)temp, "\n");
>-
>-	} while (index_ptr);
>-
>-	/*Don't leave out the last chunk*/
>-	while (*temp != '\0'){
>-		html_string[index++] = *temp;
>-		temp++;
>-	}
>-
>-	html_string[index] = '\0';
>-
>-	return html_string;
>+	return joined;
> }
> 
> char *

Actions: View | Diff

Attachments on bug 448541: 306797