mirror/freebsd
1
0
Fork 0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-20 11:11:24 +00:00
Code Issues Releases Activity

vtfontcvt: improve .bdf validation

Browse Source 
Previously if we had a BBX entry that had invalid values (e.g. bounding
box outside of font bounding box) and failed sscanf (e.g., because it
had fewer than four values) we skipped the BBX value validation and then
triggered an assertion failure.

Reported by:	afl
MFC with:	r349100
Event:		Berlin Devsummit 2019
Sponsored by:	The FreeBSD Foundation
This commit is contained in:
Ed Maste 2019-06-16 13:51:45 +00:00
parent fd0e3f7c98
commit 08584e2c48
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=349108
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
usr.bin/vtfontcvt/vtfontcvt.c
View File

@ -379,9 +379,10 @@ parse_bdf(FILE *fp, unsigned int map_idx)
curchar = atoi(ln + 9);
} else if (strncmp(ln, "DWIDTH ", 7) == 0) {
dwidth = atoi(ln + 7);
} else if (strncmp(ln, "BBX ", 4) == 0 &&
sscanf(ln + 4, "%d %d %d %d", &bbw, &bbh, &bbox,
&bboy) == 4) {
} else if (strncmp(ln, "BBX ", 4) == 0) {
if (sscanf(ln + 4, "%d %d %d %d", &bbw, &bbh, &bbox,
&bboy) != 4)
errx(1, "invalid BBX at line %u", linenum);
if (bbw < 1 || bbh < 1 || bbw > fbbw || bbh > fbbh ||
bbox < fbbox || bboy < fbboy ||
bbh + bboy > fbbh + fbboy)