texlive[48688] branches/branch2018/Build/source/texk: writet1.(c,w)

Tue Sep 18 01:55:58 CEST 2018

Revision: 48688
          http://tug.org/svn/texlive?view=revision&revision=48688
Author:   preining
Date:     2018-09-18 01:55:58 +0200 (Tue, 18 Sep 2018)
Log Message:
-----------
writet1.(c,w) of dvips, pdftex, luatex: protect against buffer overflow

Modified Paths:
--------------
    branches/branch2018/Build/source/texk/dvipsk/ChangeLog
    branches/branch2018/Build/source/texk/dvipsk/writet1.c
    branches/branch2018/Build/source/texk/web2c/luatexdir/ChangeLog
    branches/branch2018/Build/source/texk/web2c/luatexdir/font/writet1.w
    branches/branch2018/Build/source/texk/web2c/pdftexdir/ChangeLog
    branches/branch2018/Build/source/texk/web2c/pdftexdir/writet1.c

Modified: branches/branch2018/Build/source/texk/dvipsk/ChangeLog
===================================================================

--- branches/branch2018/Build/source/texk/dvipsk/ChangeLog	2018-09-17 21:07:24 UTC (rev 48687)
+++ branches/branch2018/Build/source/texk/dvipsk/ChangeLog	2018-09-17 23:55:58 UTC (rev 48688)
@@ -1,3 +1,8 @@
+2018-09-18  Norbert Preining  <preining at logic.at>
+
+	* writet1.c (t1_check_unusual_charstring): protect against buffer
+	overflow.
+
 2018-04-14  Karl Berry  <karl at tug.org>
 
 	* Version 5.998 for TeX Live 2018 release.

Modified: branches/branch2018/Build/source/texk/dvipsk/writet1.c
===================================================================
--- branches/branch2018/Build/source/texk/dvipsk/writet1.c	2018-09-17 21:07:24 UTC (rev 48687)
+++ branches/branch2018/Build/source/texk/dvipsk/writet1.c	2018-09-17 23:55:58 UTC (rev 48688)
@@ -1449,7 +1449,9 @@
         *(strend(t1_buf_array) - 1) = ' ';
 
         t1_getline();
+        alloc_array(t1_buf, strlen(t1_line_array) + strlen(t1_buf_array) + 1, T1_BUF_SIZE);
         strcat(t1_buf_array, t1_line_array);
+        alloc_array(t1_line, strlen(t1_buf_array) + 1, T1_BUF_SIZE);
         strcpy(t1_line_array, t1_buf_array);
         t1_line_ptr = eol(t1_line_array);
     }

Modified: branches/branch2018/Build/source/texk/web2c/luatexdir/ChangeLog
===================================================================
--- branches/branch2018/Build/source/texk/web2c/luatexdir/ChangeLog	2018-09-17 21:07:24 UTC (rev 48687)
+++ branches/branch2018/Build/source/texk/web2c/luatexdir/ChangeLog	2018-09-17 23:55:58 UTC (rev 48688)
@@ -1,3 +1,8 @@
+2018-09-18  Norbert Preining  <preining at logic.at>
+
+	* fonts/writet1.w (t1_check_unusual_charstring): protect against 
+	buffer overflow.
+
 2017-11-02 Luigi Scarso <luigi.scarso at gmail.com>
 	LuaFilesystem 1.7.0
 

Modified: branches/branch2018/Build/source/texk/web2c/luatexdir/font/writet1.w
===================================================================
--- branches/branch2018/Build/source/texk/web2c/luatexdir/font/writet1.w	2018-09-17 21:07:24 UTC (rev 48687)
+++ branches/branch2018/Build/source/texk/web2c/luatexdir/font/writet1.w	2018-09-17 23:55:58 UTC (rev 48688)
@@ -1625,7 +1625,9 @@
     if (sscanf(p, "%i", &i) != 1) {
         strcpy(t1_buf_array, t1_line_array);
         t1_getline();
+        alloc_array(t1_buf, strlen(t1_line_array) + strlen(t1_buf_array) + 1, T1_BUF_SIZE);
         strcat(t1_buf_array, t1_line_array);
+        alloc_array(t1_line, strlen(t1_buf_array) + 1, T1_BUF_SIZE);
         strcpy(t1_line_array, t1_buf_array);
         t1_line_ptr = eol(t1_line_array);
     }

Modified: branches/branch2018/Build/source/texk/web2c/pdftexdir/ChangeLog
===================================================================
--- branches/branch2018/Build/source/texk/web2c/pdftexdir/ChangeLog	2018-09-17 21:07:24 UTC (rev 48687)
+++ branches/branch2018/Build/source/texk/web2c/pdftexdir/ChangeLog	2018-09-17 23:55:58 UTC (rev 48688)
@@ -1,3 +1,8 @@
+2018-09-18  Norbert Preining  <preining at logic.at>
+
+	* writet1.c (t1_check_unusual_charstring): protect against buffer
+	overflow.
+
 2018-04-14  Karl Berry  <karl at tug.org>
 
 	* TeX Live 2018 release, pdftex 1.40.19.

Modified: branches/branch2018/Build/source/texk/web2c/pdftexdir/writet1.c
===================================================================
--- branches/branch2018/Build/source/texk/web2c/pdftexdir/writet1.c	2018-09-17 21:07:24 UTC (rev 48687)
+++ branches/branch2018/Build/source/texk/web2c/pdftexdir/writet1.c	2018-09-17 23:55:58 UTC (rev 48688)
@@ -1598,7 +1598,9 @@
         *(strend(t1_buf_array) - 1) = ' ';
 
         t1_getline();
+        alloc_array(t1_buf, strlen(t1_line_array) + strlen(t1_buf_array) + 1, T1_BUF_SIZE);
         strcat(t1_buf_array, t1_line_array);
+        alloc_array(t1_line, strlen(t1_buf_array) + 1, T1_BUF_SIZE);
         strcpy(t1_line_array, t1_buf_array);
         t1_line_ptr = eol(t1_line_array);
     }

