summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Huddleston Sequoia <jeremyhu@apple.com>2016-09-18 16:25:22 -0700
committerJeremy Huddleston Sequoia <jeremyhu@apple.com>2016-09-18 16:25:59 -0700
commit07b761b0862bcea65b83052b9d960c4459af0466 (patch)
tree09de5312c641894424c94f5ef47e22e7468f6fc0
parentecb248d8865df376a97a795c2e4f58a3bf64c3f1 (diff)
mkfontscale: Avoid a buffer underrun
https://bugs.freedesktop.org/show_bug.cgi?id=96905 ================================================================= ==3068==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60300000de6f at pc 0x000109df79d1 bp 0x7fff55e37d90 sp 0x7fff55e37550 READ of size 1 at 0x60300000de6f thread T0 #0 0x109df79d0 in wrap_strcmp (libclang_rt.asan_osx_dynamic.dylib+0xe9d0) #1 0x109dc8ef7 in fontFileOpen (mkfontscale+0x100001ef7) #2 0x109dc8e0b in bitmapIdentify (mkfontscale+0x100001e0b) #3 0x109dcc874 in doDirectory (mkfontscale+0x100005874) #4 0x109dcbc78 in main (mkfontscale+0x100004c78) #5 0x7fff9083f5ac in start (libdyld.dylib+0x35ac) #6 0x3 (<unknown module>) 0x60300000de6f is located 1 bytes to the left of 20-byte region [0x60300000de70,0x60300000de84) allocated by thread T0 here: #0 0x109e34570 in wrap_malloc (libclang_rt.asan_osx_dynamic.dylib+0x4b570) #1 0x109dca92a in dsprintf (mkfontscale+0x10000392a) #2 0x109dcc788 in doDirectory (mkfontscale+0x100005788) #3 0x109dcbc78 in main (mkfontscale+0x100004c78) #4 0x7fff9083f5ac in start (libdyld.dylib+0x35ac) #5 0x3 (<unknown module>) Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
-rw-r--r--ident.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/ident.c b/ident.c
index 22d3648..f7fe9e1 100644
--- a/ident.c
+++ b/ident.c
@@ -83,7 +83,7 @@ static inline void *
fontFileOpen(fontFile *ff, const char *filename) {
int n = strlen(filename);
- if (strcmp(filename + n - 4, ".bz2") == 0) {
+ if (n > 4 && strcmp(filename + n - 4, ".bz2") == 0) {
ff->type = bz2FontFile;
ff->f.bz2 = BZ2_bzopen(filename, "rb");
ff->pos = 0;