texlive[48697] Build/source/texk: writet1 protection against buffer
commits+preining at tug.org
commits+preining at tug.org
Wed Sep 19 06:02:07 CEST 2018
Revision: 48697
http://tug.org/svn/texlive?view=revision&revision=48697
Author: preining
Date: 2018-09-19 06:02:06 +0200 (Wed, 19 Sep 2018)
Log Message:
-----------
writet1 protection against buffer overflow
Modified Paths:
--------------
trunk/Build/source/texk/dvipsk/ChangeLog
trunk/Build/source/texk/dvipsk/writet1.c
trunk/Build/source/texk/web2c/luatexdir/ChangeLog
trunk/Build/source/texk/web2c/luatexdir/font/writet1.c
trunk/Build/source/texk/web2c/pdftexdir/ChangeLog
trunk/Build/source/texk/web2c/pdftexdir/writet1.c
Modified: trunk/Build/source/texk/dvipsk/ChangeLog
===================================================================
--- trunk/Build/source/texk/dvipsk/ChangeLog 2018-09-19 03:32:50 UTC (rev 48696)
+++ trunk/Build/source/texk/dvipsk/ChangeLog 2018-09-19 04:02:06 UTC (rev 48697)
@@ -1,3 +1,8 @@
+2018-09-18 Nick Roessler <nicholas.e.roessler at gmail.com>
+
+ * writet1.c (t1_check_unusual_charstring): protect against buffer
+ overflow.
+
2018-04-14 Karl Berry <karl at tug.org>
* Version 5.998 for TeX Live 2018 release.
Modified: trunk/Build/source/texk/dvipsk/writet1.c
===================================================================
--- trunk/Build/source/texk/dvipsk/writet1.c 2018-09-19 03:32:50 UTC (rev 48696)
+++ trunk/Build/source/texk/dvipsk/writet1.c 2018-09-19 04:02:06 UTC (rev 48697)
@@ -1449,7 +1449,9 @@
*(strend(t1_buf_array) - 1) = ' ';
t1_getline();
+ alloc_array(t1_buf, strlen(t1_line_array) + strlen(t1_buf_array) + 1, T1_BUF_SIZE);
strcat(t1_buf_array, t1_line_array);
+ alloc_array(t1_line, strlen(t1_buf_array) + 1, T1_BUF_SIZE);
strcpy(t1_line_array, t1_buf_array);
t1_line_ptr = eol(t1_line_array);
}
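Review bot: The first write into `t1_buf_array` is still unsized. The `strcpy(t1_buf_array, t1_line_array);` that fills the buffer before `t1_getline()` sits above this hunk (it is visible as context in the luatexdir hunk), and the added `alloc_array(t1_buf, ...)` only runs after it. If `t1_line` can grow past `t1_buf`'s current capacity while a long line is read from the font file, that copy overruns before the new guard is reached; whether this can happen depends on how both arrays are sized outside the hunk. I would add `alloc_array(t1_buf, strlen(t1_line_array) + 1, T1_BUF_SIZE);` ahead of that first `strcpy`, assuming `alloc_array` guarantees room for at least the requested number of entries. The same applies to the luatexdir/font/writet1.c and pdftexdir/writet1.c hunks, and the enclosing function starts outside all three.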
Modified: trunk/Build/source/texk/web2c/luatexdir/ChangeLog
===================================================================
--- trunk/Build/source/texk/web2c/luatexdir/ChangeLog 2018-09-19 03:32:50 UTC (rev 48696)
+++ trunk/Build/source/texk/web2c/luatexdir/ChangeLog 2018-09-19 04:02:06 UTC (rev 48697)
@@ -1,3 +1,7 @@
+2018-09-18 Nick Roessler <nicholas.e.roessler at gmail.com>
+ * fonts/writet1.w (t1_check_unusual_charstring): protect against
+ buffer overflow.
+
2018-08-27 Luigi Scarso <luigi.scarso at gmail.com>
* dropped dependency from gmp and mpfr
Modified: trunk/Build/source/texk/web2c/luatexdir/font/writet1.c
===================================================================
--- trunk/Build/source/texk/web2c/luatexdir/font/writet1.c 2018-09-19 03:32:50 UTC (rev 48696)
+++ trunk/Build/source/texk/web2c/luatexdir/font/writet1.c 2018-09-19 04:02:06 UTC (rev 48697)
@@ -1581,7 +1581,9 @@
if (sscanf(p, "%i", &i) != 1) {
strcpy(t1_buf_array, t1_line_array);
t1_getline();
+ alloc_array(t1_buf, strlen(t1_line_array) + strlen(t1_buf_array) + 1, T1_BUF_SIZE);
strcat(t1_buf_array, t1_line_array);
+ alloc_array(t1_line, strlen(t1_buf_array) + 1, T1_BUF_SIZE);
strcpy(t1_line_array, t1_buf_array);
t1_line_ptr = eol(t1_line_array);
}
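Review bot: The ChangeLog entry for this directory names `fonts/writet1.w`, while the file patched here is `font/writet1.c`. If the `.c` file is generated from a `.w` source, the two `alloc_array` lines need to land in that source as well or they will be lost on regeneration. If the `.w` file no longer exists, the ChangeLog path should read `font/writet1.c`. The `if (sscanf(p, "%i", &i) != 1)` block opens inside the hunk, but the enclosing function starts outside it.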
Modified: trunk/Build/source/texk/web2c/pdftexdir/ChangeLog
===================================================================
--- trunk/Build/source/texk/web2c/pdftexdir/ChangeLog 2018-09-19 03:32:50 UTC (rev 48696)
+++ trunk/Build/source/texk/web2c/pdftexdir/ChangeLog 2018-09-19 04:02:06 UTC (rev 48697)
@@ -1,3 +1,8 @@
+2018-09-18 Nick Roessler <nicholas.e.roessler at gmail.com>
+
+ * writet1.c (t1_check_unusual_charstring): protect against buffer
+ overflow.
+
2018-09-09 Karl Berry <karl at tug.org>
* expanded.test,
Modified: trunk/Build/source/texk/web2c/pdftexdir/writet1.c
===================================================================
--- trunk/Build/source/texk/web2c/pdftexdir/writet1.c 2018-09-19 03:32:50 UTC (rev 48696)
+++ trunk/Build/source/texk/web2c/pdftexdir/writet1.c 2018-09-19 04:02:06 UTC (rev 48697)
@@ -1598,7 +1598,9 @@
*(strend(t1_buf_array) - 1) = ' ';
t1_getline();
+ alloc_array(t1_buf, strlen(t1_line_array) + strlen(t1_buf_array) + 1, T1_BUF_SIZE);
strcat(t1_buf_array, t1_line_array);
+ alloc_array(t1_line, strlen(t1_buf_array) + 1, T1_BUF_SIZE);
strcpy(t1_line_array, t1_buf_array);
t1_line_ptr = eol(t1_line_array);
}