[tlbuild] Buffer overrun in dvi2tty

Peter Breitenlohner peb at mppmu.mpg.de
Wed Jun 20 10:50:01 CEST 2012


On Tue, 19 Jun 2012, Ken Brown wrote:

> Here's another matter to be dealt with after the freeze is over: The function 
> getfname in dvi2tty.c has no checks to prevent buffer overruns.  I discovered 
> this when dvi2tty.test was mysteriously failing when I built TL in a 
> directory with long path names.
>
> As a side note, the value of 100 for MAXLEN in dvi2tty.c seems unnecessarily 
> small.

Hi Ken,

looking at the code, I think there is a better way to handle all this.

MAXLEN is only used as length of the char array DVIfilename.  One could
easily replace that by
   char *DVIfilename;
at the top-level, and use
   if ((DVIfilename = malloc(i+5)) == NULL)
     errorexit(xxxx);
   strcpy(DVIfilename, str);
in getfname(), with a suitable error code xxxx.  Moreover, I would suggest
to check all other occurrences of malloc().

Regards
Peter
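
The two approaches discussed in this message, as an added example that is not part of the original e-mail and is not dvi2tty's own code: a fixed array of MAXLEN bytes with the missing length check, next to a heap buffer sized from the input. The function names set_name_fixed and dup_dvi_name are hypothetical, and reading the 5 extra bytes as a ".dvi" suffix plus the terminator is an assumption.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAXLEN 100   /* array size quoted in the thread */

/* Fixed-array variant with the missing bounds check added.
 * Returns 0 on success, -1 if str plus ".dvi" and NUL would not fit. */
static int set_name_fixed(char dst[MAXLEN], const char *str)
{
    size_t i = strlen(str);
    if (i + 5 > MAXLEN)
        return -1;
    memcpy(dst, str, i + 1);
    return 0;
}

/* Heap variant: the buffer is sized from the input, so path length is
 * limited only by available memory. Assumption: the 5 extra bytes hold
 * a ".dvi" suffix and the terminator. Caller frees the result. */
static char *dup_dvi_name(const char *str)
{
    size_t i = strlen(str);
    char *name;

    if (i > SIZE_MAX - 5 || (name = malloc(i + 5)) == NULL)
        return NULL;             /* caller reports the error */
    memcpy(name, str, i + 1);
    if (i < 4 || strcmp(name + i - 4, ".dvi") != 0)
        memcpy(name + i, ".dvi", 5);
    return name;
}

int main(void)
{
    char fixed[MAXLEN], longpath[301];   /* constructed sample input */
    char *name;

    memset(longpath, 'd', 300);
    longpath[300] = '\0';
    printf("fixed array: %s\n",
           set_name_fixed(fixed, longpath) ? "rejected" : "stored");
    if ((name = dup_dvi_name(longpath)) == NULL)
        return 1;
    printf("heap copy: %zu bytes\n", strlen(name));
    free(name);
    return 0;
}
```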

