texlive[51045] Build/source/texk/dvipdfm-x: avoid buffer overflow
commits+kakuto at tug.org
commits+kakuto at tug.org
Wed May 8 14:30:06 CEST 2019
Revision: 51045
http://tug.org/svn/texlive?view=revision&revision=51045
Author: kakuto
Date: 2019-05-08 14:30:06 +0200 (Wed, 08 May 2019)
Log Message:
-----------
avoid buffer overflow
Modified Paths:
--------------
trunk/Build/source/texk/dvipdfm-x/ChangeLog
trunk/Build/source/texk/dvipdfm-x/dpxfile.c
Modified: trunk/Build/source/texk/dvipdfm-x/ChangeLog
===================================================================
--- trunk/Build/source/texk/dvipdfm-x/ChangeLog 2019-05-07 23:44:32 UTC (rev 51044)
+++ trunk/Build/source/texk/dvipdfm-x/ChangeLog 2019-05-08 12:30:06 UTC (rev 51045)
@@ -1,3 +1,7 @@
+2019-05-08 Akira Kakuto <kakuto at w32tex.org>
+
+ * dpxfile.c: Avoid buffer overflow.
+
2019-05-08 Shunsaku Hirata <shunsaku.hirata74 at gmail.com>
* spc_pdfm.c: Transformation also applies to annotations
Modified: trunk/Build/source/texk/dvipdfm-x/dpxfile.c
===================================================================
--- trunk/Build/source/texk/dvipdfm-x/dpxfile.c 2019-05-07 23:44:32 UTC (rev 51044)
+++ trunk/Build/source/texk/dvipdfm-x/dpxfile.c 2019-05-08 12:30:06 UTC (rev 51045)
@@ -163,11 +163,13 @@
extern int utf8name_failed;
#endif /* WIN32 */
+#define CMDBUFSIZ 1024
static int exec_spawn (char *cmd)
{
char **cmdv, **qv;
char *p, *pp;
- char buf[1024];
+ char buf[CMDBUFSIZ];
+ int charcnt;
int i, ret = -1;
#ifdef WIN32
wchar_t **cmdvw, **qvw;
@@ -186,11 +188,12 @@
i++;
p++;
}
- cmdv = xcalloc (i + 2, sizeof (char *));
+ cmdv = xcalloc (i + 4, sizeof (char *));
p = cmd;
qv = cmdv;
while (*p) {
pp = buf;
+ charcnt = 0;
if (*p == '"') {
p++;
while (*p != '"') {
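Review bot: The allocation grows from `i + 2` to `i + 4` slots with no comment saying what the extra entries are for, and the same constant is repeated for `cmdvw` in the last hunk. The counting loop that produces `i` starts above this hunk, so it cannot be confirmed from here that the tokenizer below never yields more than `i + 3` arguments; nothing visible compares `qv` with the end of `cmdv`. I would record the reasoning next to the call, e.g. `/* i separators => at most i + 1 arguments, plus the NULL terminator */` if that is the actual invariant, and size both arrays from one named count.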
@@ -198,6 +201,10 @@
goto done;
}
*pp++ = *p++;
+ charcnt++;
+ if (charcnt > CMDBUFSIZ - 1) {
+ ERROR("Too long a command line.");
+ }
}
p++;
} else if (*p == '\'') {
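Review bot: The length check in the double-quoted loop runs after `*pp++ = *p++`, so it keeps the write inside `buf` only because the limit is `CMDBUFSIZ - 1` and only if `ERROR` never returns; the same four lines are repeated in the single-quote, backslash-escape and plain-character branches of the next two hunks. Testing before the store, e.g. `if (pp - buf >= CMDBUFSIZ - 1) ERROR("Too long a command line.");`, makes the guard hold however `ERROR` behaves, removes the need for `charcnt`, and could live in one small static helper instead of four copies. `charcnt` is reset at the start of every token, so the limit is per argument rather than per command line, and the message would be more accurate if it said so. The enclosing loops start and end outside this hunk.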
@@ -207,6 +214,10 @@
goto done;
}
*pp++ = *p++;
+ charcnt++;
+ if (charcnt > CMDBUFSIZ - 1) {
+ ERROR("Too long a command line.");
+ }
}
p++;
} else {
@@ -218,10 +229,18 @@
goto done;
}
*pp++ = *p++;
+ charcnt++;
+ if (charcnt > CMDBUFSIZ - 1) {
+ ERROR("Too long a command line.");
+ }
}
p++;
} else {
*pp++ = *p++;
+ charcnt++;
+ if (charcnt > CMDBUFSIZ - 1) {
+ ERROR("Too long a command line.");
+ }
}
}
}
@@ -239,11 +258,13 @@
p++;
qv++;
}
+ *qv = NULL;
+
#ifdef WIN32
#if defined(MIKTEX)
ret = _spawnvp(_P_WAIT, *cmdv, (const char* const*)cmdv);
#else
- cmdvw = xcalloc (i + 2, sizeof (wchar_t *));
+ cmdvw = xcalloc (i + 4, sizeof (wchar_t *));
if (utf8name_failed == 0) {
qv = cmdv;
qvw = cmdvw;
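Review bot: `*qv = NULL;` is an unchecked store. If `xcalloc` zero-fills like `calloc`, the terminator is already present whenever `qv` is still inside the array, and if `qv` has run past the `i + 4` slots this line itself writes out of bounds. A check in the token loop before each `*qv` assignment, along the lines of `if (qv - cmdv >= i + 3) ERROR("Too many arguments.");`, would make the argv bound explicit for both `_spawnvp` and the wide-character copy into `cmdvw`. The loop that advances `qv` begins outside this hunk.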