Author: emaste
Date: Mon Jun 24 17:25:14 2019
New Revision: 349333
URL: https://svnweb.freebsd.org/changeset/base/349333

Log:
  vtfontcvt: improve .bdf validation
  
  Previously if we had a FONTBOUNDINGBOX or DWIDTH entry that had missing
  or invalid values and failed sscanf, we would proceed with
  partially initialized bounding box / device width variables.
  
  Reported by:  afl (FONTBOUNDINGBOX)
  MFC with:     r349100
  Sponsored by: The FreeBSD Foundation

Modified:
  head/usr.bin/vtfontcvt/vtfontcvt.c

Modified: head/usr.bin/vtfontcvt/vtfontcvt.c
==============================================================================
--- head/usr.bin/vtfontcvt/vtfontcvt.c  Mon Jun 24 17:05:31 2019        
(r349332)
+++ head/usr.bin/vtfontcvt/vtfontcvt.c  Mon Jun 24 17:25:14 2019        
(r349333)
@@ -335,9 +335,11 @@ parse_bdf(FILE *fp, unsigned int map_idx)
                                        break;
                                }
                        }
-               } else if (strncmp(ln, "FONTBOUNDINGBOX ", 16) == 0 &&
-                   sscanf(ln + 16, "%d %d %d %d", &fbbw, &fbbh, &fbbox,
-                   &fbboy) == 4) {
+               } else if (strncmp(ln, "FONTBOUNDINGBOX ", 16) == 0) {
+                       if (sscanf(ln + 16, "%d %d %d %d", &fbbw, &fbbh, &fbbox,
+                           &fbboy) != 4)
+                               errx(1, "invalid FONTBOUNDINGBOX at line %u",
+                                   linenum);
                        set_width(fbbw);
                        set_height(fbbh);
                        break;
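Review bot: The new `!= 4` check on the FONTBOUNDINGBOX line confirms that four integers were parsed, but not that they are usable, so a .bdf declaring a zero or negative width or height still reaches `set_width(fbbw)` and `set_height(fbbh)`. Unless those helpers reject such values themselves (they are not visible in this hunk), a range check belongs right after the sscanf, for example `if (fbbw <= 0 || fbbh <= 0) errx(1, "invalid FONTBOUNDINGBOX at line %u", linenum);`. Separately, `%d` gives no overflow indication for a number that does not fit in an int, and trailing text after the fourth value is accepted silently; parsing with `strtol` and checking `errno` and the end pointer would close both gaps. parse_bdf starts and ends outside the hunk.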
@@ -353,8 +355,9 @@ parse_bdf(FILE *fp, unsigned int map_idx)
                linenum++;
                ln[length - 1] = '\0';
 
-               if (strncmp(ln, "DWIDTH ", 7) == 0 &&
-                   sscanf(ln + 7, "%d %d", &dwidth, &dwy) == 2) {
+               if (strncmp(ln, "DWIDTH ", 7) == 0) {
+                       if (sscanf(ln + 7, "%d %d", &dwidth, &dwy) != 2)
+                               errx(1, "invalid DWIDTH at line %u", linenum);
                        if (dwy != 0 || (dwidth != fbbw && dwidth * 2 != fbbw))
                                errx(1, "bitmap with unsupported DWIDTH %d %d 
at line %u",
                                    dwidth, dwy, linenum);
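Review bot: The context line `dwidth * 2 != fbbw` multiplies a value read from the font file, so a DWIDTH near INT_MAX that now passes the sscanf count check causes signed overflow, which is undefined behaviour in C. The same test can be written without the multiplication: `if (dwy != 0 || (dwidth != fbbw && (fbbw % 2 != 0 || dwidth != fbbw / 2)))`. A short comment on the condition, such as `/* only full-width or half-width glyphs are supported */`, would also record why exactly these two widths are accepted. The glyph loop this check sits in continues outside the hunk.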