pidgin.2.5.5.veracode: c3e97f0c: Make sure we call atoi on a NUL-terminat...
datallah at pidgin.im
datallah at pidgin.im
Thu May 14 17:36:41 EDT 2009
-----------------------------------------------------------------
Revision: c3e97f0c59047cf2f3d7502c6e8eae4070811408
Ancestor: 5de39b1419de0a9a28ed05337206a356500c5581
Author: datallah at pidgin.im
Date: 2009-05-02T19:50:13
Branch: im.pidgin.pidgin.2.5.5.veracode
URL: http://d.pidgin.im/viewmtn/revision/info/c3e97f0c59047cf2f3d7502c6e8eae4070811408
Modified files:
libpurple/protocols/qq/utils.c
ChangeLog:
Make sure we call atoi on a NUL-terminated string. It isn't safe to call on
a pointer to a single char.
This came out of the veracode analysis.
-------------- next part --------------
============================================================
--- libpurple/protocols/qq/utils.c 72dee5ecaa368cfff52f6850e79cfd32cdb62a63
+++ libpurple/protocols/qq/utils.c b5b0e40b2d3a9778dccc3b573d02f81b9a39efeb
@@ -222,7 +222,8 @@ guint8 *hex_str_to_bytes(const gchar *co
* The return should be freed later. */
guint8 *hex_str_to_bytes(const gchar *const buffer, gint *out_len)
{
- gchar *hex_str, *hex_buffer, *cursor, tmp;
+ gchar *hex_str, *hex_buffer, *cursor;
+ gchar tmp[2];
guint8 *bytes, nibble1, nibble2;
gint index;
@@ -242,7 +243,9 @@ guint8 *hex_str_to_bytes(const gchar *co
index = 0;
for (cursor = hex_str; cursor < hex_str + sizeof(gchar) * (strlen(hex_str)) - 1; cursor++) {
if (g_ascii_isdigit(*cursor)) {
- tmp = *cursor; nibble1 = atoi(&tmp);
+ tmp[0] = *cursor;
+ tmp[1] = '\0';
+ nibble1 = atoi(tmp);
} else if (g_ascii_isalpha(*cursor) && (gint) *cursor - 87 < 16) {
nibble1 = (gint) *cursor - 87;
} else {
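Review bot: The letter branch `g_ascii_isalpha(*cursor) && (gint) *cursor - 87 < 16` has no lower bound, so every uppercase letter passes it ('A' gives -22, 'W' gives 0) and the result is truncated into the guint8 `nibble1`; the same test guards `nibble2` in the next hunk. Unless `hex_str` is lower-cased before the loop, which is not visible here, non-hex input is decoded into arbitrary byte values instead of being rejected. GLib's `g_ascii_xdigit_value(*cursor)` returns the digit value or -1, so it could replace both branches, the magic 87 and the `tmp`/`atoi` pair: `gint v = g_ascii_xdigit_value(*cursor);`, then `if (v < 0)` takes the existing else path and otherwise `nibble1 = (guint8) v;`. The body of hex_str_to_bytes starts and ends outside this hunk.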
@@ -254,7 +257,9 @@ guint8 *hex_str_to_bytes(const gchar *co
nibble1 = nibble1 << 4;
cursor++;
if (g_ascii_isdigit(*cursor)) {
- tmp = *cursor; nibble2 = atoi(&tmp);
+ tmp[0] = *cursor;
+ tmp[1] = '\0';
+ nibble2 = atoi(tmp);
} else if (g_ascii_isalpha(*cursor) && (gint) (*cursor - 87) < 16) {
nibble2 = (gint) *cursor - 87;
} else {