texlive[50641] Build/source/texk/dvipsk/testdata: dvips buffer

commits+karl at tug.org commits+karl at tug.org
Fri Mar 29 19:02:17 CET 2019


Revision: 50641
          http://tug.org/svn/texlive?view=revision&revision=50641
Author:   karl
Date:     2019-03-29 19:02:17 +0100 (Fri, 29 Mar 2019)
Log Message:
-----------
dvips buffer overflows reported by Andy Nguyen

Modified Paths:
--------------
    trunk/Build/source/texk/dvipsk/ChangeLog
    trunk/Build/source/texk/dvipsk/Makefile.am
    trunk/Build/source/texk/dvipsk/Makefile.in
    trunk/Build/source/texk/dvipsk/color.c
    trunk/Build/source/texk/dvipsk/dospecial.c

Added Paths:
-----------
    trunk/Build/source/texk/dvipsk/test-overflow-buffers.test
    trunk/Build/source/texk/dvipsk/testdata/color.pro
    trunk/Build/source/texk/dvipsk/testdata/overflow-color-push.dvi
    trunk/Build/source/texk/dvipsk/testdata/overflow-color-push.tex
    trunk/Build/source/texk/dvipsk/testdata/overflow-epsfile.dvi
    trunk/Build/source/texk/dvipsk/testdata/overflow-epsfile.tex
    trunk/Build/source/texk/dvipsk/testdata/overflow-psbox.dvi
    trunk/Build/source/texk/dvipsk/testdata/overflow-psbox.tex

Property Changed:
----------------
    trunk/Build/source/texk/dvipsk/color.c
    trunk/Build/source/texk/dvipsk/dospecial.c

Modified: trunk/Build/source/texk/dvipsk/ChangeLog
===================================================================
--- trunk/Build/source/texk/dvipsk/ChangeLog	2019-03-29 14:35:05 UTC (rev 50640)
+++ trunk/Build/source/texk/dvipsk/ChangeLog	2019-03-29 18:02:17 UTC (rev 50641)
@@ -1,3 +1,19 @@
+2019-03-29  Karl Berry  <karl at freefriends.org>
+
+	* color.c (colorcmdout),
+	* dospecial.c (dospecial) <epsfile>, <postscriptbox>: check for
+	buffer overflows.
+	* test-overflow-buffers.test,
+	* testdata/color.pro,
+	* testdata/overflow-color-push.dvi,
+	* testdata/overflow-color-push.tex,
+	* testdata/overflow-epsfile.dvi,
+	* testdata/overflow-epsfile.tex,
+	* testdata/overflow-psbox.dvi,
+	* testdata/overflow-psbox.tex: new test files and support.
+	* Makefile.am (TESTS, EXTRA_DIST, DISTCLEANFILES): add new tests.
+	Report from Andy Nguyen of ETH Zurich.
+
 2019-02-26  Hironobu Yamashita  <h.y.acetaminophen at gmail.com>
 
 	* afm2tfm.c: Forbid too long file name.

Modified: trunk/Build/source/texk/dvipsk/Makefile.am
===================================================================
--- trunk/Build/source/texk/dvipsk/Makefile.am	2019-03-29 14:35:05 UTC (rev 50640)
+++ trunk/Build/source/texk/dvipsk/Makefile.am	2019-03-29 18:02:17 UTC (rev 50641)
@@ -1,7 +1,7 @@
 ## $Id$
 ## Makefile.am for the TeX Live subdirectory texk/dvipsk/
 ##
-## Copyright 2017      Karl Berry <tex-live at tug.org>
+## Copyright 2017-2019 Karl Berry <tex-live at tug.org>
 ## Copyright 2009-2015 Peter Breitenlohner <tex-live at tug.org>
 ## You may freely use, modify and/or distribute this file.
 ##
@@ -113,9 +113,11 @@
 TESTS = afm2tfm-test.pl
 afm2tfm-test.log: afm2tfm$(EXEEXT)
 TESTS += beginfontk1.test eepic-nan.test pfbincl.test \
-	quotecmd-test.pl same-name.test test-dvips.test
+	quotecmd-test.pl same-name.test test-dvips.test \
+	test-overflow-buffers.test
 beginfontk1.log eepic-nan.log pfbincl.log \
-	quotecmd-test.log same-name.log test-dvips.log: dvips$(EXEEXT)
+	quotecmd-test.log same-name.log test-dvips.log \
+	test-overflow-buffers.log: dvips$(EXEEXT)
 
 AM_TESTS_ENVIRONMENT  = TEXMFCNF=$(srcdir)/../kpathsea; export TEXMFCNF;
 AM_TESTS_ENVIRONMENT += TEXCONFIG=$(srcdir)/testdata; export TEXCONFIG;
@@ -138,6 +140,7 @@
 	testdata/cmsy10.tfm \
 	testdata/cmtt10.pfb \
 	testdata/cmtt10.tfm \
+	testdata/color.pro \
 	testdata/config.pdf \
 	testdata/config.ps \
 	testdata/psfonts.map \
@@ -171,6 +174,11 @@
 ## test-dvips
 EXTRA_DIST += testdata/dvipstst.tex testdata/dvipstst.xdv testdata/dvipstst.xps
 DISTCLEANFILES += dvipstst.ps missfont.log mtest.ps
+## test-overflow-buffers
+EXTRA_DIST += overflow-color-push.dvi overflow-color-push.tex \
+              overflow-epsfile.dvi overflow-epsfile.tex \
+              overflow-psbox.dvi overflow-psbox.tex
+DISTCLEANFILES += overflow-color-push.ps overflow-epsfile.ps overflow-psbox.ps
 
 EXTRA_DIST += \
 	NEWS \
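Review bot: The six new `EXTRA_DIST` entries under `## test-overflow-buffers` are listed as `overflow-color-push.dvi`, `overflow-epsfile.tex` and so on without the `testdata/` prefix, although the commit adds those files under `testdata/` and the `test-dvips` line just above uses that prefix. As written, `make dist` would look for them next to Makefile.am and would most likely fail, leaving the regression inputs for these overflows out of the tarball. Write them as `EXTRA_DIST += testdata/overflow-color-push.dvi testdata/overflow-color-push.tex \` and likewise for the epsfile and psbox pairs. The regenerated Makefile.in hunk carries the same unprefixed names and needs regenerating afterwards.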

Modified: trunk/Build/source/texk/dvipsk/Makefile.in
===================================================================
--- trunk/Build/source/texk/dvipsk/Makefile.in	2019-03-29 14:35:05 UTC (rev 50640)
+++ trunk/Build/source/texk/dvipsk/Makefile.in	2019-03-29 18:02:17 UTC (rev 50641)
@@ -714,7 +714,8 @@
 dvips_TEXINFOS = contrib/config.proto dvips.help
 DISTCLEANFILES = $(DVIS) $(PSS) afmtest.tfm beginfontk1.ps \
 	eepic-nan.ps pfbincl.ps *badnews* same-name.out dvipstst.ps \
-	missfont.log mtest.ps
+	missfont.log mtest.ps overflow-color-push.ps \
+	overflow-epsfile.ps overflow-psbox.ps
 prolog_DATA = $(prologues)
 dist_prologues = \
 	color.lpro \
@@ -733,28 +734,32 @@
 	testdata/cmex10.tfm testdata/cmmi10.pfb testdata/cmmi10.tfm \
 	testdata/cmr10.pfb testdata/cmr10.tfm testdata/cmsy10.pfb \
 	testdata/cmsy10.tfm testdata/cmtt10.pfb testdata/cmtt10.tfm \
-	testdata/config.pdf testdata/config.ps testdata/psfonts.map \
-	testdata/ptmbi.vf testdata/ptmbi8r.tfm testdata/ptmr.vf \
-	testdata/ptmr8r.tfm testdata/ptmri.vf testdata/ptmri8r.tfm \
-	testdata/special.pro testdata/tex.pro testdata/texc.pro \
-	testdata/texps.pro testdata/beginfontk1.dvi \
+	testdata/color.pro testdata/config.pdf testdata/config.ps \
+	testdata/psfonts.map testdata/ptmbi.vf testdata/ptmbi8r.tfm \
+	testdata/ptmr.vf testdata/ptmr8r.tfm testdata/ptmri.vf \
+	testdata/ptmri8r.tfm testdata/special.pro testdata/tex.pro \
+	testdata/texc.pro testdata/texps.pro testdata/beginfontk1.dvi \
 	testdata/beginfontk1.eps testdata/beginfontk1.tex \
 	testdata/eepic-nan.dvi testdata/eepic-nan.tex \
 	testdata/pfbincl.eps testdata/pfbincl.tex testdata/pfbincl.xdv \
 	testdata/pfbincl.xps testdata/quotecmd.dvi \
 	testdata/quotecmd.tex testdata/dvipstst.tex \
-	testdata/dvipstst.xdv testdata/dvipstst.xps NEWS TODO \
-	testdata/intoverflow.dvi testdata/vfnameoverflow.dvi atari \
-	cmfonts.map config.ps contrib/afm-extra contrib/colorsep.lpro \
-	contrib/configs contrib/crop.lpr contrib/latex209 \
-	contrib/treen.sh contrib/treen2.sh contrib/volker \
-	contrib/whichinpath cyrfonts.map eufonts.map flib.c \
-	hps/CHANGES_HPS.txt hps/README_HPS.txt lafonts.map makefont.c \
-	mvs psfonts.map tex vmcms vms
+	testdata/dvipstst.xdv testdata/dvipstst.xps \
+	overflow-color-push.dvi overflow-color-push.tex \
+	overflow-epsfile.dvi overflow-epsfile.tex overflow-psbox.dvi \
+	overflow-psbox.tex NEWS TODO testdata/intoverflow.dvi \
+	testdata/vfnameoverflow.dvi atari cmfonts.map config.ps \
+	contrib/afm-extra contrib/colorsep.lpro contrib/configs \
+	contrib/crop.lpr contrib/latex209 contrib/treen.sh \
+	contrib/treen2.sh contrib/volker contrib/whichinpath \
+	cyrfonts.map eufonts.map flib.c hps/CHANGES_HPS.txt \
+	hps/README_HPS.txt lafonts.map makefont.c mvs psfonts.map tex \
+	vmcms vms
 CLEANFILES = $(prologues) texc.lpro
 TEST_EXTENSIONS = .pl .test
 TESTS = afm2tfm-test.pl beginfontk1.test eepic-nan.test pfbincl.test \
-	quotecmd-test.pl same-name.test test-dvips.test
+	quotecmd-test.pl same-name.test test-dvips.test \
+	test-overflow-buffers.test
 AM_TESTS_ENVIRONMENT = TEXMFCNF=$(srcdir)/../kpathsea; export \
 	TEXMFCNF; TEXCONFIG=$(srcdir)/testdata; export TEXCONFIG; \
 	TEXFONTS=$(srcdir)/testdata; export TEXFONTS; \
@@ -1955,7 +1960,8 @@
 	cd squeeze && $(MAKE) $(AM_MAKEFLAGS) stamp-squeeze
 afm2tfm-test.log: afm2tfm$(EXEEXT)
 beginfontk1.log eepic-nan.log pfbincl.log \
-	quotecmd-test.log same-name.log test-dvips.log: dvips$(EXEEXT)
+	quotecmd-test.log same-name.log test-dvips.log \
+	test-overflow-buffers.log: dvips$(EXEEXT)
 dist-hook:
 	cd "$(distdir)" && rm -rf $(NEVER_DIST)
 

Modified: trunk/Build/source/texk/dvipsk/color.c
===================================================================
--- trunk/Build/source/texk/dvipsk/color.c	2019-03-29 14:35:05 UTC (rev 50640)
+++ trunk/Build/source/texk/dvipsk/color.c	2019-03-29 18:02:17 UTC (rev 50641)
@@ -1,4 +1,4 @@
-/*
+/* $Id$
  *  This is a set of routines for dvips that are used to process color
  *  commands in the TeX file (passed by \special commands).  This was
  *  orignally written by J. Hafner, E. Blanz and M. Flickner of IBM
@@ -27,6 +27,7 @@
 #define COLORHASH (89)
 #define MAXCOLORLEN (120)     /* maximum color length for background */
 #define INITCOLORLEN (10000)  /* initial stack size in chars */
+#define OUTBUFSIZ (100)       /* base limit on special length */
 /*
  *   This is where we store the color information for a particular page.
  *   If we free all of these, we free all of the allocated color
@@ -51,7 +52,8 @@
 colorcmdout(char *s)
 {
    char *p;
-   char tempword[100];
+   char tempword[OUTBUFSIZ];
+   integer templen;
 
    while (*s && *s <= ' ')
       s++;
@@ -66,7 +68,17 @@
       return;
    }
    cmdout(p);
+   
    strcpy(tempword, "TeXcolor");
+   templen = strlen("TeXcolor") + strlen(s) + 2; /* 2 is slop, just in case */
+   if (templen >= OUTBUFSIZ) {
+      /* PostScript names get truncated to around 128 characters anyway,
+         so there's no reason to allow longer here. */
+      sprintf(errbuf, "! TeXcolor special name longer than %d characters",
+              OUTBUFSIZ);
+      error (errbuf);
+   }
+     
    for (p=tempword + strlen(tempword); *s && *s > ' '; p++, s++)
       *p = *s;
    *p = 0;
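Review bot: The copy loop after the new length check is still unbounded, so `tempword` is protected only if `error()` never returns for this `!` message, which the hunk does not show. Putting the limit into the loop keeps the bound next to the write: `for (p=tempword + strlen(tempword); *s && *s > ' ' && p < tempword + OUTBUFSIZ - 1; p++, s++)`. Note also that `strlen(s)` counts everything left in the special while the loop copies only up to the first whitespace, so the check can reject a short name followed by long arguments; measuring only the word to be copied would avoid that. colorcmdout starts and ends outside this hunk.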


Property changes on: trunk/Build/source/texk/dvipsk/color.c
___________________________________________________________________
Added: svn:keywords
## -0,0 +1 ##
+Date Author Id Revision
\ No newline at end of property
Modified: trunk/Build/source/texk/dvipsk/dospecial.c
===================================================================
--- trunk/Build/source/texk/dvipsk/dospecial.c	2019-03-29 14:35:05 UTC (rev 50640)
+++ trunk/Build/source/texk/dvipsk/dospecial.c	2019-03-29 18:02:17 UTC (rev 50641)
@@ -1,4 +1,4 @@
-/*
+/* $Id$
  *   This routine handles special commands;
  *   predospecial() is for the prescan, dospecial() for the real thing.
  */
@@ -585,7 +585,9 @@
 
 const char *tasks[] = { 0, "iff2ps", "tek2ps" };
 
-static char psfile[511];
+#define PSFILESIZ 511
+static char psfile[PSFILESIZ];
+
 void
 dospecial(integer numbytes)
 {
@@ -646,9 +648,20 @@
 /* added for dvi2ps special */
    if (strncmp(p, "epsfile=", 8)==0) {  /* epsf.sty for dvi2ps-j */
       float llx, lly, urx, ury;
+      unsigned psfilelen = 0;
 
       p += 8;
-      sscanf(p, "%s", psfile);
+      while (!isspace((unsigned char)*p)) {
+        if (psfilelen < PSFILESIZ) {
+          psfile[psfilelen] = *p;
+          psfilelen++;
+        } else {
+          sprintf(errbuf, "! epsfile= argument longer than %d characters",
+                  PSFILESIZ);
+          error(errbuf);
+        }
+      }
+      psfile[psfilelen] = 0;
       p += strlen(psfile);
       fgetboundingbox(psfile, &llx, &lly, &urx, &ury);
       hvpos();
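Review bot: The new copy loop for `epsfile=` never advances `p`, so it re-reads the same byte until `psfilelen` reaches `PSFILESIZ` and then reports an overlong argument for any file name that does not start with whitespace (or spins forever should `error()` return). The condition also does not stop at the terminating NUL, and `psfilelen < PSFILESIZ` lets 511 bytes be stored, so `psfile[psfilelen] = 0` can write one byte past the 511-byte array. Indexing with `p[psfilelen]`, testing for NUL and capping at `PSFILESIZ - 1` addresses all three while keeping the following `p += strlen(psfile)` correct. dospecial's body starts and ends outside this hunk.

```c
      p += 8;
      /* Index from p so the existing p += strlen(psfile) still advances once. */
      while (p[psfilelen] && !isspace((unsigned char)p[psfilelen])) {
        if (psfilelen >= PSFILESIZ - 1) { /* leave room for the NUL */
          sprintf(errbuf, "! epsfile= argument longer than %d characters",
                  PSFILESIZ - 1);
          error(errbuf);
          break; /* do not keep copying if error() returns */
        }
        psfile[psfilelen] = p[psfilelen];
        psfilelen++;
      }
      psfile[psfilelen] = 0;
      /* … unchanged: p += strlen(psfile); fgetboundingbox(); hvpos() … */
```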
@@ -752,6 +765,16 @@
    if (strncmp(p, "postscriptbox", 13)==0) { /* epsbox.sty for jdvi2kps */
       float w, h;
       float llx, lly, urx, ury;
+      if (strlen(p)-13-6 >= PSFILESIZ) { /* -6 for the braces */
+         /* We're not allowing as long a name as we could, since however
+            many characters the two {%fpt} arguments consume is not
+            taken into account. But parsing it all so we know the
+            character length is too much work for this obscure special. */
+         sprintf(errbuf,
+                 "! postscriptbox{} arguments longer than %d characters",
+                 PSFILESIZ);
+         error(errbuf);
+      }
       if (sscanf(p+13, "{%fpt}{%fpt}{%[^}]}", &w, &h, psfile) != 3)
          break;
       fgetboundingbox(psfile, &llx, &lly, &urx, &ury);
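Review bot: `strlen(p)-13-6` is evaluated in `size_t`, so for a `postscriptbox` special shorter than 19 characters it wraps to a huge value and the new branch reports an overlong argument instead of letting the `sscanf(...) != 3` check skip the malformed special. Compare without subtracting, `if (strlen(p) >= PSFILESIZ + 13 + 6) {`, or bound the conversion itself with a field width, `%510[^}]`, so the limit sits next to the write into `psfile`. The enclosing dospecial body continues outside the hunk.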


Property changes on: trunk/Build/source/texk/dvipsk/dospecial.c
___________________________________________________________________
Added: svn:keywords
## -0,0 +1 ##
+Date Author Id Revision
\ No newline at end of property
Added: trunk/Build/source/texk/dvipsk/test-overflow-buffers.test
===================================================================
--- trunk/Build/source/texk/dvipsk/test-overflow-buffers.test	                        (rev 0)
+++ trunk/Build/source/texk/dvipsk/test-overflow-buffers.test	2019-03-29 18:02:17 UTC (rev 50641)
@@ -0,0 +1,14 @@
+#! /bin/sh -vx
+# $Id$
+# Public domain. Various buffer overflows, reported by
+# Andy Nguyen of ETH Zurich. The program should detect and abort.
+
+for tst in overflow-color-push overflow-epsfile overflow-psbox; do
+  :
+  if ./dvips $srcdir/testdata/$tst.dvi -o; then
+    echo "$0: test $tst should have failed." >&2
+    exit 1
+  fi
+done
+
+exit 1
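Review bot: The script ends with an unconditional `exit 1`, so the test reports failure even when all three inputs are rejected as intended; the final line should be `exit 0`. The `if ./dvips ...; then` check also accepts any non-zero status, which means a crash caused by the overflow (a signal exit, reported by sh as status 128 or above) would pass just like the controlled abort. Consider capturing the status and failing when it is 128 or higher, or checking stderr for the new diagnostic, so the test shows that the bounds check fired rather than that dvips merely died.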


Property changes on: trunk/Build/source/texk/dvipsk/test-overflow-buffers.test
___________________________________________________________________
Added: svn:executable
## -0,0 +1 ##
+*
\ No newline at end of property
Added: svn:keywords
## -0,0 +1 ##
+Date Author Id Revision
\ No newline at end of property
Added: trunk/Build/source/texk/dvipsk/testdata/color.pro
===================================================================
--- trunk/Build/source/texk/dvipsk/testdata/color.pro	                        (rev 0)
+++ trunk/Build/source/texk/dvipsk/testdata/color.pro	2019-03-29 18:02:17 UTC (rev 50641)
@@ -0,0 +1,46 @@
+%!
+TeXDict begin/setcmykcolor where{pop}{/setcmykcolor{dup 10 eq{pop
+setrgbcolor}{1 sub 4 1 roll 3{3 index add neg dup 0 lt{pop 0}if 3 1 roll
+}repeat setrgbcolor pop}ifelse}B}ifelse/TeXcolorcmyk{setcmykcolor}def
+/TeXcolorrgb{setrgbcolor}def/TeXcolorgrey{setgray}def/TeXcolorgray{
+setgray}def/TeXcolorhsb{sethsbcolor}def/currentcmykcolor where{pop}{
+/currentcmykcolor{currentrgbcolor 10}B}ifelse/DC{exch dup userdict exch
+known{pop pop}{X}ifelse}B/GreenYellow{0.15 0 0.69 0 setcmykcolor}DC
+/Yellow{0 0 1 0 setcmykcolor}DC/Goldenrod{0 0.10 0.84 0 setcmykcolor}DC
+/Dandelion{0 0.29 0.84 0 setcmykcolor}DC/Apricot{0 0.32 0.52 0
+setcmykcolor}DC/Peach{0 0.50 0.70 0 setcmykcolor}DC/Melon{0 0.46 0.50 0
+setcmykcolor}DC/YellowOrange{0 0.42 1 0 setcmykcolor}DC/Orange{0 0.61
+0.87 0 setcmykcolor}DC/BurntOrange{0 0.51 1 0 setcmykcolor}DC
+/Bittersweet{0 0.75 1 0.24 setcmykcolor}DC/RedOrange{0 0.77 0.87 0
+setcmykcolor}DC/Mahogany{0 0.85 0.87 0.35 setcmykcolor}DC/Maroon{0 0.87
+0.68 0.32 setcmykcolor}DC/BrickRed{0 0.89 0.94 0.28 setcmykcolor}DC/Red{
+0 1 1 0 setcmykcolor}DC/OrangeRed{0 1 0.50 0 setcmykcolor}DC/RubineRed{
+0 1 0.13 0 setcmykcolor}DC/WildStrawberry{0 0.96 0.39 0 setcmykcolor}DC
+/Salmon{0 0.53 0.38 0 setcmykcolor}DC/CarnationPink{0 0.63 0 0
+setcmykcolor}DC/Magenta{0 1 0 0 setcmykcolor}DC/VioletRed{0 0.81 0 0
+setcmykcolor}DC/Rhodamine{0 0.82 0 0 setcmykcolor}DC/Mulberry{0.34 0.90
+0 0.02 setcmykcolor}DC/RedViolet{0.07 0.90 0 0.34 setcmykcolor}DC
+/Fuchsia{0.47 0.91 0 0.08 setcmykcolor}DC/Lavender{0 0.48 0 0
+setcmykcolor}DC/Thistle{0.12 0.59 0 0 setcmykcolor}DC/Orchid{0.32 0.64 0
+0 setcmykcolor}DC/DarkOrchid{0.40 0.80 0.20 0 setcmykcolor}DC/Purple{
+0.45 0.86 0 0 setcmykcolor}DC/Plum{0.50 1 0 0 setcmykcolor}DC/Violet{
+0.79 0.88 0 0 setcmykcolor}DC/RoyalPurple{0.75 0.90 0 0 setcmykcolor}DC
+/BlueViolet{0.86 0.91 0 0.04 setcmykcolor}DC/Periwinkle{0.57 0.55 0 0
+setcmykcolor}DC/CadetBlue{0.62 0.57 0.23 0 setcmykcolor}DC
+/CornflowerBlue{0.65 0.13 0 0 setcmykcolor}DC/MidnightBlue{0.98 0.13 0
+0.43 setcmykcolor}DC/NavyBlue{0.94 0.54 0 0 setcmykcolor}DC/RoyalBlue{1
+0.50 0 0 setcmykcolor}DC/Blue{1 1 0 0 setcmykcolor}DC/Cerulean{0.94 0.11
+0 0 setcmykcolor}DC/Cyan{1 0 0 0 setcmykcolor}DC/ProcessBlue{0.96 0 0 0
+setcmykcolor}DC/SkyBlue{0.62 0 0.12 0 setcmykcolor}DC/Turquoise{0.85 0
+0.20 0 setcmykcolor}DC/TealBlue{0.86 0 0.34 0.02 setcmykcolor}DC
+/Aquamarine{0.82 0 0.30 0 setcmykcolor}DC/BlueGreen{0.85 0 0.33 0
+setcmykcolor}DC/Emerald{1 0 0.50 0 setcmykcolor}DC/JungleGreen{0.99 0
+0.52 0 setcmykcolor}DC/SeaGreen{0.69 0 0.50 0 setcmykcolor}DC/Green{1 0
+1 0 setcmykcolor}DC/ForestGreen{0.91 0 0.88 0.12 setcmykcolor}DC
+/PineGreen{0.92 0 0.59 0.25 setcmykcolor}DC/LimeGreen{0.50 0 1 0
+setcmykcolor}DC/YellowGreen{0.44 0 0.74 0 setcmykcolor}DC/SpringGreen{
+0.26 0 0.76 0 setcmykcolor}DC/OliveGreen{0.64 0 0.95 0.40 setcmykcolor}
+DC/RawSienna{0 0.72 1 0.45 setcmykcolor}DC/Sepia{0 0.83 1 0.70
+setcmykcolor}DC/Brown{0 0.81 1 0.60 setcmykcolor}DC/Tan{0.14 0.42 0.56 0
+setcmykcolor}DC/Gray{0 0 0 0.50 setcmykcolor}DC/Black{0 0 0 1
+setcmykcolor}DC/White{0 0 0 0 setcmykcolor}DC end


Property changes on: trunk/Build/source/texk/dvipsk/testdata/color.pro
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Added: trunk/Build/source/texk/dvipsk/testdata/overflow-color-push.dvi
===================================================================
(Binary files differ)

Index: trunk/Build/source/texk/dvipsk/testdata/overflow-color-push.dvi
===================================================================
--- trunk/Build/source/texk/dvipsk/testdata/overflow-color-push.dvi	2019-03-29 14:35:05 UTC (rev 50640)
+++ trunk/Build/source/texk/dvipsk/testdata/overflow-color-push.dvi	2019-03-29 18:02:17 UTC (rev 50641)

Property changes on: trunk/Build/source/texk/dvipsk/testdata/overflow-color-push.dvi
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/x-dvi
\ No newline at end of property
Added: trunk/Build/source/texk/dvipsk/testdata/overflow-color-push.tex
===================================================================
--- trunk/Build/source/texk/dvipsk/testdata/overflow-color-push.tex	                        (rev 0)
+++ trunk/Build/source/texk/dvipsk/testdata/overflow-color-push.tex	2019-03-29 18:02:17 UTC (rev 50641)
@@ -0,0 +1,17 @@
+% Andy Nguyen of ETH Zurich. Public domain.
+% tlsecurity mail of 28 Mar 2019 18:20:48.
+% File "dvipsk/color.c", subroutine "colorcmdout": "s" is copied to
+% "tempword" without length validation.
+
+\documentclass{article}
+
+\begin{document}
+\thispagestyle{empty}
+
+\begin{figure}[p]
+
+\special{color push aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa a}
+
+\end{figure}
+
+\end{document}


Property changes on: trunk/Build/source/texk/dvipsk/testdata/overflow-color-push.tex
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: trunk/Build/source/texk/dvipsk/testdata/overflow-epsfile.dvi
===================================================================
(Binary files differ)

Index: trunk/Build/source/texk/dvipsk/testdata/overflow-epsfile.dvi
===================================================================
--- trunk/Build/source/texk/dvipsk/testdata/overflow-epsfile.dvi	2019-03-29 14:35:05 UTC (rev 50640)
+++ trunk/Build/source/texk/dvipsk/testdata/overflow-epsfile.dvi	2019-03-29 18:02:17 UTC (rev 50641)

Property changes on: trunk/Build/source/texk/dvipsk/testdata/overflow-epsfile.dvi
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/x-dvi
\ No newline at end of property
Added: trunk/Build/source/texk/dvipsk/testdata/overflow-epsfile.tex
===================================================================
--- trunk/Build/source/texk/dvipsk/testdata/overflow-epsfile.tex	                        (rev 0)
+++ trunk/Build/source/texk/dvipsk/testdata/overflow-epsfile.tex	2019-03-29 18:02:17 UTC (rev 50641)
@@ -0,0 +1,17 @@
+% Andy Nguyen of ETH Zurich. Public domain.
+% tlsecurity mail of 28 Mar 2019 18:20:48.
+% File "dvipsk/dospecial.c", subroutine "dospecial": "epsfile" is parsed
+% using "sscanf(p, "%s", psfile);", which has no length limitation.
+
+\documentclass{article}
+
+\begin{document}
+
+\begin{figure}[p]
+\thispagestyle{empty}
+
+\special{epsfile=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa}
+
+\end{figure}
+
+\end{document}


Property changes on: trunk/Build/source/texk/dvipsk/testdata/overflow-epsfile.tex
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: trunk/Build/source/texk/dvipsk/testdata/overflow-psbox.dvi
===================================================================
(Binary files differ)

Index: trunk/Build/source/texk/dvipsk/testdata/overflow-psbox.dvi
===================================================================
--- trunk/Build/source/texk/dvipsk/testdata/overflow-psbox.dvi	2019-03-29 14:35:05 UTC (rev 50640)
+++ trunk/Build/source/texk/dvipsk/testdata/overflow-psbox.dvi	2019-03-29 18:02:17 UTC (rev 50641)

Property changes on: trunk/Build/source/texk/dvipsk/testdata/overflow-psbox.dvi
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/x-dvi
\ No newline at end of property
Added: trunk/Build/source/texk/dvipsk/testdata/overflow-psbox.tex
===================================================================
--- trunk/Build/source/texk/dvipsk/testdata/overflow-psbox.tex	                        (rev 0)
+++ trunk/Build/source/texk/dvipsk/testdata/overflow-psbox.tex	2019-03-29 18:02:17 UTC (rev 50641)
@@ -0,0 +1,18 @@
+% Andy Nguyen of ETH Zurich. Public domain.
+% tlsecurity mail of 28 Mar 2019 18:20:48.
+% File "dvipsk/dospecial.c", subroutine "dospecial": "psfile" is parsed using
+% "sscanf(p+13, "{%fpt}{%fpt}{%[^}]}", &w, &h, psfile)", which has no length
+% limitation.
+
+\documentclass{article}
+
+\begin{document}
+\thispagestyle{empty}
+
+\begin{figure}[p]
+
+\special{postscriptbox{}{}{aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa}}
+
+\end{figure}
+
+\end{document}


Property changes on: trunk/Build/source/texk/dvipsk/testdata/overflow-psbox.tex
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property

