Skip to content

Commit 6ed0077

Browse files
committed
writet1 protection against buffer overflow
git-svn-id: svn://tug.org/texlive/trunk/Build/source@48697 c570f23f-e606-0410-a88d-b1316a301751
1 parent 05b9546 commit 6ed0077

File tree

6 files changed

+20
-0
lines changed

6 files changed

+20
-0
lines changed

Diff for: texk/dvipsk/ChangeLog

+5
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,8 @@
1+
2018-09-18 Nick Roessler <nicholas.e.roessler@gmail.com>
2+
3+
* writet1.c (t1_check_unusual_charstring): protect against buffer
4+
overflow.
5+
16
2018-04-14 Karl Berry <karl@tug.org>
27

38
* Version 5.998 for TeX Live 2018 release.

Diff for: texk/dvipsk/writet1.c

+2
Original file line numberDiff line numberDiff line change
@@ -1449,7 +1449,9 @@ static void t1_check_unusual_charstring(void)
14491449
*(strend(t1_buf_array) - 1) = ' ';
14501450

14511451
t1_getline();
1452+
alloc_array(t1_buf, strlen(t1_line_array) + strlen(t1_buf_array) + 1, T1_BUF_SIZE);
14521453
strcat(t1_buf_array, t1_line_array);
1454+
alloc_array(t1_line, strlen(t1_buf_array) + 1, T1_BUF_SIZE);
14531455
strcpy(t1_line_array, t1_buf_array);
14541456
t1_line_ptr = eol(t1_line_array);
14551457
}

Diff for: texk/web2c/luatexdir/ChangeLog

+4
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,7 @@
1+
2018-09-18 Nick Roessler <nicholas.e.roessler@gmail.com>
2+
* fonts/writet1.w (t1_check_unusual_charstring): protect against
3+
buffer overflow.
4+
15
2018-08-27 Luigi Scarso <luigi.scarso@gmail.com>
26
* dropped dependency from gmp and mpfr
37

Diff for: texk/web2c/luatexdir/font/writet1.c

+2
Original file line numberDiff line numberDiff line change
@@ -1581,7 +1581,9 @@ static void t1_check_unusual_charstring(void)
15811581
if (sscanf(p, "%i", &i) != 1) {
15821582
strcpy(t1_buf_array, t1_line_array);
15831583
t1_getline();
1584+
alloc_array(t1_buf, strlen(t1_line_array) + strlen(t1_buf_array) + 1, T1_BUF_SIZE);
15841585
strcat(t1_buf_array, t1_line_array);
1586+
alloc_array(t1_line, strlen(t1_buf_array) + 1, T1_BUF_SIZE);
15851587
strcpy(t1_line_array, t1_buf_array);
15861588
t1_line_ptr = eol(t1_line_array);
15871589
}

Diff for: texk/web2c/pdftexdir/ChangeLog

+5
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,8 @@
1+
2018-09-18 Nick Roessler <nicholas.e.roessler@gmail.com>
2+
3+
* writet1.c (t1_check_unusual_charstring): protect against buffer
4+
overflow.
5+
16
2018-09-09 Karl Berry <karl@tug.org>
27

38
* expanded.test,

Diff for: texk/web2c/pdftexdir/writet1.c

+2
Original file line numberDiff line numberDiff line change
@@ -1598,7 +1598,9 @@ static void t1_check_unusual_charstring(void)
15981598
*(strend(t1_buf_array) - 1) = ' ';
15991599

16001600
t1_getline();
1601+
alloc_array(t1_buf, strlen(t1_line_array) + strlen(t1_buf_array) + 1, T1_BUF_SIZE);
16011602
strcat(t1_buf_array, t1_line_array);
1603+
alloc_array(t1_line, strlen(t1_buf_array) + 1, T1_BUF_SIZE);
16021604
strcpy(t1_line_array, t1_buf_array);
16031605
t1_line_ptr = eol(t1_line_array);
16041606
}

0 commit comments

Comments
 (0)