[groff] 04/20: [libgroff]: Fix Savannah #64485 (validation).
From: G. Branden Robinson
Subject: [groff] 04/20: [libgroff]: Fix Savannah #64485 (validation).
Date: Wed, 2 Aug 2023 12:46:39 -0400 (EDT)
gbranden pushed a commit to branch master
in repository groff.
commit c64c8d4eea00b9b449e2836d3469b57a772f2e71
Author: G. Branden Robinson <g.branden.robinson@gmail.com>
AuthorDate: Sat Jul 29 06:02:36 2023 -0500
[libgroff]: Fix Savannah #64485 (validation).
* src/libs/libgroff/fontfile.cpp (font::open_file): Do more parameter
validation. Don't construct a file name for opening from components
that are null pointers. Also `assert()` this since it should be an
invariant. Migrate from `sprintf()` to `snprintf()`; we have the size
of the destination buffer handy. Update `#include`s.
Fixes <https://savannah.gnu.org/bugs/?64485>. Thanks to Bjarni Ingi
Gislason for the report.
---
ChangeLog | 12 ++++++++++++
src/libs/libgroff/fontfile.cpp | 17 +++++++++++------
2 files changed, 23 insertions(+), 6 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 7785482a7..e34b740b9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,15 @@
+2023-07-29 G. Branden Robinson <g.branden.robinson@gmail.com>
+
+ * src/libs/libgroff/fontfile.cpp (font::open_file): Do more
+ parameter validation. Don't construct a file name for opening
+ from components that are null pointers. Also `assert()` this
+ since it should be an invariant. Migrate from `sprintf()` to
+ `snprintf()`; we have the size of the destination buffer handy.
+ Update `#include`s.
+
+ Fixes <https://savannah.gnu.org/bugs/?64485>. Thanks to Bjarni
+ Ingi Gislason for the report.
+
2023-07-29 G. Branden Robinson <g.branden.robinson@gmail.com>
* src/preproc/pic/troff.cpp (troff_output::set_location): Do
diff --git a/src/libs/libgroff/fontfile.cpp b/src/libs/libgroff/fontfile.cpp
index 1c2fe027d..42e066613 100644
--- a/src/libs/libgroff/fontfile.cpp
+++ b/src/libs/libgroff/fontfile.cpp
@@ -18,8 +18,10 @@ along with this program. If not, see
<http://www.gnu.org/licenses/>. */
#include "lib.h"
-#include <stdlib.h>
-#include <errno.h>
+#include <assert.h> // assert()
+#include <stdio.h> // snprintf()
+#include <string.h> // strchr(), strlen()
+
#include "font.h"
#include "searchpath.h"
#include "device.h"
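Review bot: The include hunk drops `<stdlib.h>` and `<errno.h>`, but no visible line in this patch removes a use of either header. Please confirm that nothing left in fontfile.cpp refers to `errno` or to a `<stdlib.h>` declaration, or note in the ChangeLog entry that they were already unused, so the file does not end up depending on a transitive include from "lib.h".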
@@ -58,15 +60,18 @@ void font::command_line_font_dir(const char *dir)
FILE *font::open_file(const char *nm, char **pathp)
{
+ assert(nm != 0 /* nullptr */);
+ assert(device != 0 /* nullptr */);
FILE *fp = 0 /* nullptr */;
// Do not traverse user-specified directories; Savannah #61424.
- if (0 /* nullptr */ == strchr(nm, '/')) {
+ if ((0 /* nullptr */ == strchr(nm, '/'))
+ && (device != 0 /* nullptr */) && (nm != 0 /* nullptr */)) {
// Allocate enough for nm + device + 'dev' '/' '\0'.
size_t expected_size = strlen(nm) + strlen(device) + 5;
char *filename = new char[expected_size];
- const size_t actual_size = sprintf(filename, "dev%s/%s", device,
- nm);
- expected_size--; // sprintf() doesn't count the null terminator.
+ const size_t actual_size = snprintf(filename, expected_size,
+ "dev%s/%s", device, nm);
+ expected_size--; // snprintf() doesn't count the null terminator.
if (actual_size == expected_size)
fp = font_path.open_file(filename, pathp);
delete[] filename;
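Review bot: In the new `if` condition of `font::open_file`, `strchr(nm, '/')` is evaluated before `nm != 0`, so the added run-time null test cannot protect the `strchr()` call. In a build with `NDEBUG` defined the two `assert()` calls compile away and a null `nm` is still dereferenced. Put the pointer tests first in the `&&` chain, for example `if ((nm != 0) && (device != 0) && (0 == strchr(nm, '/')))`, so short-circuit evaluation does the validation the commit message describes. A smaller point on the same lines: `snprintf()` returns `int`, and a negative error return is stored in the `size_t actual_size`; the comparison with `expected_size` still rejects that value, but a short comment saying this is relied upon would help the next reader.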