[Fontconfig] [PATCH 1/3] Leave room for null terminators in arrays

Akira TAGOH akira at tagoh.org
Tue Nov 5 03:45:39 CET 2013 

Thanks for patches. merged them.

On Sun, Nov 3, 2013 at 2:23 AM, Alan Coopersmith
<alan.coopersmith at oracle.com> wrote:
> Code currently returns a fatal error if it tries to add more entries
> than the array has room for, but it wasn't checking to make sure
> the final null terminator entry would fit.
>
> Reported by parfait 1.3:
> Error: Buffer overrun
>    Buffer overflow (CWE 120): In array dereference of files[i] with index i
>       Array size is 256 elements (of 4 bytes each), index >= 0 and index <= 256
>         at line 250 of fc-glyphname/fc-glyphname.c in function 'main'.
> Error: Buffer overrun
>    Buffer overflow (CWE 120): In array dereference of entries[i] with index i
>       Array size is 1024 elements (of 8 bytes each), index >= 0 and index <= 1024
>         at line 298 of fc-lang/fc-lang.c in function 'main'.
>
> Signed-off-by: Alan Coopersmith <alan.coopersmith at oracle.com>
> ---
>  fc-glyphname/fc-glyphname.c |    2 +-
>  fc-lang/fc-lang.c           |    2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/fc-glyphname/fc-glyphname.c b/fc-glyphname/fc-glyphname.c
> index 8402781..078490a 100644
> --- a/fc-glyphname/fc-glyphname.c
> +++ b/fc-glyphname/fc-glyphname.c
> @@ -233,7 +233,7 @@ dump (FcGlyphName * const *table, const char *name)
>  int
>  main (int argc FC_UNUSED, char **argv)
>  {
> -    char       *files[MAX_GLYPHFILE];
> +    char       *files[MAX_GLYPHFILE + 1];
>      char       line[1024];
>      FILE       *f;
>      int                i;
> diff --git a/fc-lang/fc-lang.c b/fc-lang/fc-lang.c
> index 0f4217f..38fc697 100644
> --- a/fc-lang/fc-lang.c
> +++ b/fc-lang/fc-lang.c
> @@ -254,7 +254,7 @@ static int compare (const void *a, const void *b)
>  int
>  main (int argc FC_UNUSED, char **argv)
>  {
> -    static Entry       entries[MAX_LANG];
> +    static Entry       entries[MAX_LANG + 1];
>      static FcCharSet   *sets[MAX_LANG];
>      static int         duplicate[MAX_LANG];
>      static int         country[MAX_LANG];
> --
> 1.7.9.2
>
> _______________________________________________
> Fontconfig mailing list
> Fontconfig at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/fontconfig



-- 
Akira TAGOH

More information about the Fontconfig mailing list