Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Evergreen:11.1:kernel-2.6.32
texlive-bin
source-dvipng.dif
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File source-dvipng.dif of Package texlive-bin
--- texk/dvipng/draw.c +++ texk/dvipng/draw.c 2010-04-15 09:42:58.183424840 +0000 @@ -99,7 +99,16 @@ dviunits SetChar(int32_t c) if (currentfont==NULL) Fatal("faulty DVI, trying to set character from null font"); - ptr = currentfont->chr[c]; + + if (c<0 || c>LASTFNTCHAR) { + Warning("glyph index out of range (%d), skipping",c); + return(0); + } + ptr=currentfont->chr[c]; + if (ptr==NULL) { + Warning("unable to draw glyph %d, skipping",c); + return(0); + } #ifdef DEBUG switch (currentfont->type) { case FONT_TYPE_VF: DEBUG_PRINT(DEBUG_DVI,("\n VF CHAR:\t")); break; @@ -108,13 +117,13 @@ dviunits SetChar(int32_t c) case FONT_TYPE_FT: DEBUG_PRINT(DEBUG_DVI,("\n FT CHAR:\t")); break; default: DEBUG_PRINT(DEBUG_DVI,("\n NO CHAR:\t")) } - if (isprint(c)) + if (debug & DEBUG_DVI && c>=0 && c<=UCHAR_MAX && isprint(c)) DEBUG_PRINT(DEBUG_DVI,("'%c' ",c)); DEBUG_PRINT(DEBUG_DVI,("%d at (%d,%d) tfmw %d", c,hh,vv,ptr?ptr->tfmw:0)); #endif if (currentfont->type==FONT_TYPE_VF) { - return(SetVF(c)); - } else if (ptr) { + return(SetVF(ptr)); + } else { if (ptr->data == NULL) switch(currentfont->type) { case FONT_TYPE_PK: LoadPK(c, ptr); break; @@ -128,7 +137,7 @@ dviunits SetChar(int32_t c) Fatal("undefined fonttype %d",currentfont->type); } if (page_imagep != NULL) - return(SetGlyph(c, hh, vv)); + return(SetGlyph(ptr, hh, vv)); else { /* Expand bounding box if necessary */ min(x_min,hh - ptr->xOffset/shrinkfactor); --- texk/dvipng/dvipng.h +++ texk/dvipng/dvipng.h 2010-03-18 07:43:26.000000000 +0000 @@ -387,9 +387,9 @@ void DrawPages(void); void WriteImage(char*, int); void LoadPK(int32_t, register struct char_entry *); int32_t SetChar(int32_t); -dviunits SetGlyph(int32_t c, int32_t hh,int32_t vv); +dviunits SetGlyph(struct char_entry *ptr, int32_t hh,int32_t vv); void Gamma(double gamma); -int32_t SetVF(int32_t); +int32_t SetVF(struct char_entry *ptr); int32_t SetRule(int32_t, int32_t, int32_t, int32_t); void SetSpecial(char *, int32_t, int32_t, int32_t); void BeginVFMacro(struct font_entry*); --- texk/dvipng/set.c +++ texk/dvipng/set.c 2010-04-15 09:38:23.134925288 +0000 @@ -202,10 +202,9 @@ void Gamma(double gamma) } } -dviunits SetGlyph(int32_t c, int32_t hh,int32_t vv) +dviunits SetGlyph(struct char_entry *ptr, int32_t hh,int32_t vv) /* gdImageChar can only do monochrome glyphs */ { - register struct char_entry *ptr = currentfont->chr[c]; int dst_alpha,dst_weight,tot_weight,alpha; int x,y,pos=0; int bgColor,pixelgrey,pixelcolor; --- texk/dvipng/vf.c +++ texk/dvipng/vf.c 2010-04-15 09:39:21.691425023 +0000 @@ -28,11 +28,10 @@ #define VF_ID 202 #define LONG_CHAR 242 -int32_t SetVF(int32_t c) +int32_t SetVF(struct char_entry* ptr) { struct font_entry* currentvf; unsigned char *command,*end; - struct char_entry* ptr=currentfont->chr[c]; currentvf=currentfont; BeginVFMacro(currentvf); @@ -117,7 +116,7 @@ void InitVF(struct font_entry * tfontp) tcharptr->tfmw = (int32_t) ((int64_t) tcharptr->tfmw * tfontp->s / (1 << 20)); DEBUG_PRINT(DEBUG_VF,(" (%d)",tcharptr->tfmw)); - if (c > NFNTCHARS) /* Only positive for now */ + if (c < 0 || c >= NFNTCHARS) /* Only positive for now */ Fatal("VF font %s exceeds char numbering limit",tfontp->name); tfontp->chr[c] = tcharptr; tcharptr->data=position; --- texk/dvipsk/dospecial.c +++ texk/dvipsk/dospecial.c 2010-04-29 14:30:10.000000000 +0000 @@ -325,7 +325,11 @@ void predospecial P2C(integer, numbytes, int j ; static int omega_specials = 0; - if (nextstring + numbytes > maxstring) { + if (numbytes < 0 || numbytes > maxstring - nextstring) { + if (numbytes < 0 || numbytes > (INT_MAX - 1000) / 2 ) { + error("! Integer overflow in predospecial"); + exit(1); + } p = nextstring = mymalloc(1000 + 2 * numbytes) ; maxstring = nextstring + 2 * numbytes + 700 ; } @@ -903,7 +907,11 @@ float *bbdospecial P1C(int, nbytes) char seen[NKEYS] ; float valseen[NKEYS] ; - if (nextstring + nbytes > maxstring) { + if (nbytes < 0 || nbytes > maxstring - nextstring) { + if (nbytes < 0 || nbytes > (INT_MAX - 1000) / 2 ) { + error("! Integer overflow in bbdospecial"); + exit(1); + } p = nextstring = mymalloc(1000 + 2 * nbytes) ; maxstring = nextstring + 2 * nbytes + 700 ; } --- texk/dvipsk/virtualfont.c +++ texk/dvipsk/virtualfont.c 2010-04-15 09:32:17.242926052 +0000 @@ -2,6 +2,8 @@ * Here's the code to load a VF file into memory. * Any resemblance between this file and loadfont.c is purely uncoincidental. */ +#include <limits.h> +#include <stdio.h> #include "dvips.h" /* The copyright notice in that file is included too! */ #ifdef KPATHSEA #include <kpathsea/c-pathmx.h> @@ -21,7 +23,7 @@ extern quarterword *raster ; #ifndef KPATHSEA extern char *vfpath ; #endif -extern char errbuf[200] ; +extern char errbuf[LINE_MAX] ; extern real conv ; extern real vconv ; extern real alpha ; @@ -36,11 +38,11 @@ extern Boolean noomega ; * Subroutine vfbyte returns the next byte. */ static FILE *vffile ; -static char name[50] ; +static char name[PATH_MAX] ; void badvf P1C(char *, s) { - (void)sprintf(errbuf,"! Bad VF file %s: %s",name,s) ; + (void)snprintf(errbuf, sizeof(errbuf), "! Bad VF file %s: %s",name,s) ; error(errbuf); } @@ -94,9 +96,9 @@ vfopen P1C(register fontdesctype *, fd) d = vfpath ; #endif #ifdef MVSXA /* IBM: MVS/XA */ - (void)sprintf(name, "vf(%s)", n) ; + (void)snprintf(name, sizeof(name), "vf(%s)", n) ; #else - (void)sprintf(name, "%s.vf", n) ; + (void)snprintf(name, sizeof(name), "%s.vf", n) ; #endif #ifdef KPATHSEA if (0 != (vffile=search(vfpath, name, READBIN))) @@ -212,7 +214,7 @@ virtualfont P1C(register fontdesctype *, check_checksum (k, curfnt->checksum, curfnt->name); k = (integer)(alpha * (real)vfquad()) ; if (k > curfnt->designsize + 2 || k < curfnt->designsize - 2) { - (void)sprintf(errbuf,"Design size mismatch in font %s", name) ; + (void)snprintf(errbuf, sizeof(errbuf), "Design size mismatch in font %s", name) ; error(errbuf) ; } /*
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor