[tlbuild] Buffer overrun in dvi2tty
Peter Breitenlohner
peb at mppmu.mpg.de
Wed Jun 20 10:50:01 CEST 2012
On Tue, 19 Jun 2012, Ken Brown wrote:
> Here's another matter to be dealt with after the freeze is over: The function
> getfname in dvi2tty.c has no checks to prevent buffer overruns. I discovered
> this when dvi2tty.test was mysteriously failing when I built TL in a
> directory with long path names.
>
> As a side note, the value of 100 for MAXLEN in dvi2tty.c seems unnecessarily
> small.
Hi Ken,
looking at the code, I think there is a better way to handle all this.
MAXLEN is only used as length of the char array DVIfilename. One could
easily replace that by
char *DVIfilename;
at the top-level, and use
if ((DVIfilename = malloc(i+5)) == NULL)
errorexit(xxxx);
strcpy(DVIfilename, str);
in getfname(), with a suitable error code xxxx. Moreover, I would suggest
to check all other occurences of malloc().
Regards
Peter
More information about the tlbuild
mailing list