[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug #55257] xtotroff.c: Defined size of the array "encoding" is too sho
From: |
G. Branden Robinson |
Subject: |
[bug #55257] xtotroff.c: Defined size of the array "encoding" is too short |
Date: |
Tue, 1 Dec 2020 00:42:42 -0500 (EST) |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0 |
Update of bug #55257 (project groff):
Status: Confirmed => In Progress
_______________________________________________________
Follow-up Comment #3:
I have a fix in preparation. Should land with my next batch of commits.
diff --git a/ChangeLog b/ChangeLog
index b41d1198..c36954e5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
+2020-12-01 G. Branden Robinson <g.branden.robinson@gmail.com>
+
+ * src/utils/xtotroff/xtotroff.c (MapFont): Avoid writing past
+ the end of a static buffer. Problem found and patch supplied by
+ Bjarni Ingi Gislason. I tweaked it to comment it differently
+ {in case the buffer ever needs to grow, but the prospects of
+ future X11 server-side font rendering development seem dim} and
+ use snprintf() instead of retaining the existing sprinf().
+
2020-12-01 G. Branden Robinson <g.branden.robinson@gmail.com>
* src/utils/xtotroff/xtotroff.c (CanonicalizeFontName,
diff --git a/src/utils/xtotroff/xtotroff.c b/src/utils/xtotroff/xtotroff.c
index f6d316dc..cf7c41b8 100644
--- a/src/utils/xtotroff/xtotroff.c
+++ b/src/utils/xtotroff/xtotroff.c
@@ -130,7 +130,9 @@ static int MapFont(char *font_name, const char
*troff_name)
XFontName parsed;
int j, k;
DviCharNameMap *char_map;
- char encoding[256];
+ /* 'encoding' needs to hold a CharSetRegistry (256), a CharSetEncoding
+ (256) [both from XFontName.h], a dash, and a null terminator. */
+ char encoding[256 * 2 + 1 + 1];
char *s;
int wid;
char name_string[2048];
@@ -161,7 +163,8 @@ static int MapFont(char *font_name, const char
*troff_name)
return 0;
XParseFontName(names[0], &parsed, &attributes);
- sprintf(encoding, "%s-%s", parsed.CharSetRegistry,
+ size_t sz = sizeof encoding;
+ snprintf(encoding, sz, "%s-%s", parsed.CharSetRegistry,
parsed.CharSetEncoding);
for (s = encoding; *s; s++)
if (isupper(*s))
_______________________________________________________
Reply to this item at:
<https://savannah.gnu.org/bugs/?55257>
_______________________________________________
Message sent via Savannah
https://savannah.gnu.org/
- [bug #55257] xtotroff.c: Defined size of the array "encoding" is too short,
G. Branden Robinson <=