[tlbuild] Buffer overrun in dvi2tty
Ken Brown
kbrow1i at gmail.com
Wed Jun 20 13:43:18 CEST 2012
On 6/20/2012 4:50 AM, Peter Breitenlohner wrote:
> On Tue, 19 Jun 2012, Ken Brown wrote:
>
>> Here's another matter to be dealt with after the freeze is over: The
>> function getfname in dvi2tty.c has no checks to prevent buffer
>> overruns. I discovered this when dvi2tty.test was mysteriously failing
>> when I built TL in a directory with long path names.
>>
>> As a side note, the value of 100 for MAXLEN in dvi2tty.c seems
>> unnecessarily small.
>
> Hi Ken,
>
> looking at the code, I think there is a better way to handle all this.
>
> MAXLEN is only used as length of the char array DVIfilename. One could
> easily replace that by
> char *DVIfilename;
> at the top-level, and use
> if ((DVIfilename = malloc(i+5)) == NULL)
> errorexit(xxxx);
> strcpy(DVIfilename, str);
> in getfname(), with a suitable error code xxxx. Moreover, I would suggest
> to check all other occurences of malloc().
Hi Peter,
Yes, that's much better. Something like that is already done in
disdvi.c, but without the error check on the call to malloc.
Ken
More information about the tlbuild
mailing list