texlive[45841] Build/source/texk/kpathsea: (elt_in_db): protect

commits+karl at tug.org commits+karl at tug.org
Sat Nov 18 00:38:04 CET 2017 

Revision: 45841
          http://tug.org/svn/texlive?view=revision&revision=45841
Author:   karl
Date:     2017-11-18 00:38:04 +0100 (Sat, 18 Nov 2017)
Log Message:
-----------
(elt_in_db): protect against pathological arguments

Modified Paths:
--------------
    trunk/Build/source/texk/kpathsea/ChangeLog
    trunk/Build/source/texk/kpathsea/db.c

Modified: trunk/Build/source/texk/kpathsea/ChangeLog
===================================================================
--- trunk/Build/source/texk/kpathsea/ChangeLog	2017-11-17 22:21:56 UTC (rev 45840)
+++ trunk/Build/source/texk/kpathsea/ChangeLog	2017-11-17 23:38:04 UTC (rev 45841)
@@ -1,3 +1,8 @@
+2017-11-18  Karl Berry  <karl at tug.org>
+
+	* db.c (elt_in_db): protect against either argument being NULL or
+	empty.  From Doug McKenna, personal mail, 17nov17.
+
 2017-11-11  Akira Kakuto  <kakuto at fuk.kindai.ac.jp>
 
 	* tex-file.c: Again use a custom kpathsea_getlongpath()

Modified: trunk/Build/source/texk/kpathsea/db.c
===================================================================
--- trunk/Build/source/texk/kpathsea/db.c	2017-11-17 22:21:56 UTC (rev 45840)
+++ trunk/Build/source/texk/kpathsea/db.c	2017-11-17 23:38:04 UTC (rev 45841)
@@ -296,6 +296,7 @@
    That is, the question is whether to try the db for a file looked up
    in PATH_ELT.  If PATH_ELT == ".", for example, the answer is no. If
    PATH_ELT == "/usr/local/lib/texmf/fonts//tfm", the answer is yes.
+   If either string is NULL or empty, return false.
 
    In practice, ls-R is only needed for lengthy subdirectory
    comparisons, but there's no gain to checking PATH_ELT to see if it is
@@ -307,6 +308,15 @@
 {
   boolean found = false;
 
+  /* If both strings are empty or null return false on the grounds that
+     it's useless to do anything further with such a strange case (which
+     likely never happens).  In theory one could argue that the empty
+     string is a prefix of any other string, but let's just declare the
+     result otherwise.  */
+  if (db_dir == NULL || *db_dir == 0
+      || path_elt == NULL || *path_elt == 0)
+    return false;
+     
   while (!found && FILECHARCASEEQ (*db_dir++, *path_elt++)) {
     /* If we've matched the entire db directory, it's good.  */
     if (*db_dir == 0)

More information about the tex-live-commits mailing list