[tlbuild] Buffer overrun in dvi2tty

Ken Brown kbrow1i at gmail.com
Wed Jun 20 13:43:18 CEST 2012


On 6/20/2012 4:50 AM, Peter Breitenlohner wrote:
> On Tue, 19 Jun 2012, Ken Brown wrote:
>
>> Here's another matter to be dealt with after the freeze is over: The
>> function getfname in dvi2tty.c has no checks to prevent buffer
>> overruns. I discovered this when dvi2tty.test was mysteriously failing
>> when I built TL in a directory with long path names.
>>
>> As a side note, the value of 100 for MAXLEN in dvi2tty.c seems
>> unnecessarily small.
>
> Hi Ken,
>
> looking at the code, I think there is a better way to handle all this.
>
> MAXLEN is only used as length of the char array DVIfilename. One could
> easily replace that by
> char *DVIfilename;
> at the top-level, and use
> if ((DVIfilename = malloc(i+5)) == NULL)
> errorexit(xxxx);
> strcpy(DVIfilename, str);
> in getfname(), with a suitable error code xxxx. Moreover, I would suggest
> to check all other occurrences of malloc().

Hi Peter,

Yes, that's much better.  Something like that is already done in 
disdvi.c, but without the error check on the call to malloc.

Ken
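
The allocation Peter describes, as a self-contained sketch; this is an added example, not code from dvi2tty.c or from either poster. The names `getfname_alloc`, `has_dvi_ext` and `overflows_fixed`, the ".dvi"-appending behaviour (inferred from the `i+5`), returning NULL instead of calling `errorexit()`, and the constructed 150-byte path are all assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAXLEN 100   /* size of the fixed DVIfilename array quoted in the thread */

/* Assumed behaviour: ".dvi" is appended when the name lacks that extension. */
static int has_dvi_ext(const char *s, size_t n)
{
    return n >= 4 && strcmp(s + n - 4, ".dvi") == 0;
}

/* 1 if an unchecked copy into char[MAXLEN] would write past the end of the array. */
static int overflows_fixed(const char *str)
{
    size_t n = strlen(str);
    return n + (has_dvi_ext(str, n) ? 0 : 4) + 1 > MAXLEN;
}

/* Hypothetical getfname() replacement: heap buffer sized as i+5, malloc checked.
 * Returns NULL on allocation failure; the caller reports it and frees the result. */
static char *getfname_alloc(const char *str)
{
    size_t i = strlen(str);
    char *name = malloc(i + 5);          /* 4 bytes for ".dvi" + 1 for the NUL */
    if (name == NULL)
        return NULL;
    memcpy(name, str, i + 1);            /* copy including the terminating NUL */
    if (!has_dvi_ext(name, i))
        memcpy(name + i, ".dvi", 5);     /* fits: i + 5 bytes were allocated */
    return name;
}

int main(void)
{
    char path[151];                      /* constructed stand-in for a long build path */
    memset(path, 'd', 150);
    path[150] = '\0';
    char *name = getfname_alloc(path);
    if (name == NULL)
        return 1;
    printf("fixed array overflows: %d, heap name length: %zu\n",
           overflows_fixed(path), strlen(name));
    free(name);
    return 0;
}
```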


