From 44c1649d2a11c89137488c53e3a1c383fe79c2c1 Mon Sep 17 00:00:00 2001 From: Alan Coopersmith Date: Sun, 10 Jul 2022 13:25:14 -0700 Subject: Add bounds checks to creation of min/max strings for -lll -m option Signed-off-by: Alan Coopersmith --- fslsfonts.c | 73 +++++++++++++++++++++++++++++++------------------------------ 1 file changed, 37 insertions(+), 36 deletions(-) diff --git a/fslsfonts.c b/fslsfonts.c index 73d21ec..5afc07b 100644 --- a/fslsfonts.c +++ b/fslsfonts.c @@ -51,6 +51,7 @@ in this Software without prior written authorization from The Open Group. #include #include #include +#include #ifndef N_START #define N_START 1000 /* Maximum # of fonts to start with */ @@ -89,7 +90,8 @@ static int compare ( const void *f1, const void *f2 ); static void show_fonts ( void ); static void print_font_header ( void ); static void show_font_header ( FontList *list ); -static void copy_number ( char **pp1, char **pp2, int n1, int n2 ); +static void copy_number ( char **pp1, char **pp2, char **ep1, char **ep2, + int n1, int n2, char suffix ); static void show_font_props ( FontList *list ); static void _X_NORETURN _X_COLD @@ -435,35 +437,26 @@ show_font_header(FontList *list) max[BUFSIZ]; char *pmax = max, *pmin = min; + char *emin = min + sizeof(min), + *emax = max + sizeof(max); - strcpy(pmin, " min(l,r,w,a,d) = ("); - strcpy(pmax, " max(l,r,w,a,d) = ("); - pmin += strlen(pmin); - pmax += strlen(pmax); - - copy_number(&pmin, &pmax, + copy_number(&pmin, &pmax, &emin, &emax, pfh->min_bounds.left, - pfh->max_bounds.left); - *pmin++ = *pmax++ = ','; - copy_number(&pmin, &pmax, + pfh->max_bounds.left, ','); + copy_number(&pmin, &pmax, &emin, &emax, pfh->min_bounds.right, - pfh->max_bounds.right); - *pmin++ = *pmax++ = ','; - copy_number(&pmin, &pmax, + pfh->max_bounds.right, ','); + copy_number(&pmin, &pmax, &emin, &emax, pfh->min_bounds.width, - pfh->max_bounds.width); - *pmin++ = *pmax++ = ','; - copy_number(&pmin, &pmax, + pfh->max_bounds.width, ','); + copy_number(&pmin, &pmax, &emin, &emax, pfh->min_bounds.ascent, - pfh->max_bounds.ascent); - *pmin++ = *pmax++ = ','; - copy_number(&pmin, &pmax, + pfh->max_bounds.ascent, ','); + copy_number(&pmin, &pmax, &emin, &emax, pfh->min_bounds.descent, - pfh->max_bounds.descent); - *pmin++ = *pmax++ = ')'; - *pmin = *pmax = '\0'; - printf("%s\n", min); - printf("%s\n", max); + pfh->max_bounds.descent, '\0'); + printf(" min(l,r,w,a,d) = (%s)\n", min); + printf(" max(l,r,w,a,d) = (%s)\n", max); } } @@ -471,22 +464,30 @@ show_font_header(FontList *list) #define max(a, b) ((a) > (b) ? (a) : (b)) #endif +/* + * Append string representations of n1 to pp1 and n2 to pp2, + * followed by the given suffix character, + * but not writing into or past ep1 & ep2, respectively. + * The string representations will be padded to the same width. + */ static void -copy_number(char **pp1, char **pp2, int n1, int n2) +copy_number(char **pp1, char **pp2, char **ep1, char **ep2, int n1, int n2, + char suffix) { char *p1 = *pp1; char *p2 = *pp2; - int w; - - sprintf(p1, "%d", n1); - sprintf(p2, "%d", n2); - w = (int) max(strlen(p1), strlen(p2)); - sprintf(p1, "%*d", w, n1); - sprintf(p2, "%*d", w, n2); - p1 += strlen(p1); - p2 += strlen(p2); - *pp1 = p1; - *pp2 = p2; + int w, w1, w2; + + w1 = snprintf(NULL, 0, "%d", n1); + w2 = snprintf(NULL, 0, "%d", n2); + w = (int) max(w1, w2); + assert(w > 0); + snprintf(p1, *ep1 - p1, "%*d%c", w, n1, suffix); + snprintf(p2, *ep2 - p2, "%*d%c", w, n2, suffix); + *pp1 = p1 + strlen(p1); + assert(*pp1 < *ep1); + *pp2 = p2 + strlen(p2); + assert(*pp2 < *ep2); } static void -- cgit v1.2.3