texlive[67831] Build/source/texk/web2c/cwebdir: [CWEB] Max out the

commits+ascherer at tug.org commits+ascherer at tug.org
Mon Aug 7 17:22:55 CEST 2023 

Revision: 67831
          http://tug.org/svn/texlive?view=revision&revision=67831
Author:   ascherer
Date:     2023-08-07 17:22:55 +0200 (Mon, 07 Aug 2023)
Log Message:
-----------
[CWEB] Max out the section depth in CWEAVE/CTWILL.

CWEAVE didn't check for malicious user input like @*1234567890123456,
which certainly would over-/underflow INT_MAX. :o)

Modified Paths:
--------------
    trunk/Build/source/texk/web2c/cwebdir/cweave.w
    trunk/Build/source/texk/web2c/cwebdir/system.bux

Modified: trunk/Build/source/texk/web2c/cwebdir/cweave.w
===================================================================
--- trunk/Build/source/texk/web2c/cwebdir/cweave.w	2023-08-07 10:44:48 UTC (rev 67830)
+++ trunk/Build/source/texk/web2c/cwebdir/cweave.w	2023-08-07 15:22:55 UTC (rev 67831)
@@ -110,7 +110,12 @@
 possible changes from this \.{COMMON} interface consistently.
 
 @i common.h
+\.{CWEAVE} will use the |INT_MAX| limit in section
+|@<Output the code for the beginning...@>| below.
 
+@<Incl...@>=
+#include <limits.h>
+
 @* Data structures exclusive to {\tt CWEAVE}.
 As explained in \.{common.w}, the field of a |name_info| structure
 that contains the |rlink| of a section name is used for a completely
@@ -4237,7 +4242,7 @@
   }
   else {
     for (sec_depth=0; xisdigit(*loc);loc++)
-      sec_depth = sec_depth*10 + (*loc) -'0';
+      if (sec_depth < INT_MAX / 10) sec_depth = sec_depth*10 + (*loc) -'0';
   }
   while (*loc == ' ') loc++; /* remove spaces before group title */
   group_found=true;

Modified: trunk/Build/source/texk/web2c/cwebdir/system.bux
===================================================================
--- trunk/Build/source/texk/web2c/cwebdir/system.bux	2023-08-07 10:44:48 UTC (rev 67830)
+++ trunk/Build/source/texk/web2c/cwebdir/system.bux	2023-08-07 15:22:55 UTC (rev 67831)
@@ -51,6 +51,8 @@
 @$gettext "<libintl.h>" \zip@>
 @$textdomain "<libintl.h>" \zip@>
 
+@$INT_MAX "<limits.h>" \zip@>
+
 @$bindtextdomain "<locale.h>" \zip@>
 @$setlocale "<locale.h>" \zip@>
 @$LC_CTYPE "<locale.h>" \zip@>

More information about the tex-live-commits mailing list.