summaryrefslogtreecommitdiff
path: root/src/fontfile
diff options
context:
space:
mode:
Diffstat (limited to 'src/fontfile')
-rw-r--r--src/fontfile/dirfile.c22
-rw-r--r--src/fontfile/fontfile.c41
2 files changed, 51 insertions, 12 deletions
diff --git a/src/fontfile/dirfile.c b/src/fontfile/dirfile.c
index bb7c339..b75042a 100644
--- a/src/fontfile/dirfile.c
+++ b/src/fontfile/dirfile.c
@@ -25,7 +25,7 @@ used in advertising or otherwise to promote the sale, use or other dealings
in this Software without prior written authorization from The Open Group.
*/
-/* $XFree86: xc/lib/font/fontfile/dirfile.c,v 3.16 2003/04/07 16:23:31 eich Exp $ */
+/* $XFree86: xc/lib/font/fontfile/dirfile.c,v 3.18 2004/02/11 21:11:18 dawes Exp $ */
/*
* Author: Keith Packard, MIT X Consortium
@@ -68,6 +68,9 @@ FontFileReadDirectory (char *directory, FontDirectoryPtr *pdir)
FontDirectoryPtr dir = NullFontDirectory;
+ if (strlen(directory) + 1 + sizeof(FontDirFile) > sizeof(dir_file))
+ return BadFontPath;
+
#ifdef FONTDIRATTRIB
/* Check for font directory attributes */
#ifndef __UNIXOS2__
@@ -159,6 +162,9 @@ FontFileDirectoryChanged(FontDirectoryPtr dir)
char dir_file[MAXFONTFILENAMELEN];
struct stat statb;
+ if (strlen(dir->directory) + sizeof(FontDirFile) > sizeof(dir_file))
+ return FALSE;
+
strcpy (dir_file, dir->directory);
strcat (dir_file, FontDirFile);
if (stat (dir_file, &statb) == -1)
@@ -207,6 +213,8 @@ AddFileNameAliases(FontDirectoryPtr dir)
continue;
len = strlen (fileName) - renderer->fileSuffixLen;
+ if (len >= sizeof(copy))
+ continue;
CopyISOLatin1Lowered (copy, fileName, len);
copy[len] = '\0';
name.name = copy;
@@ -256,9 +264,13 @@ ReadFontAlias(char *directory, Bool isFile, FontDirectoryPtr *pdir)
int status = Successful;
struct stat statb;
+ if (strlen(directory) >= sizeof(alias_file))
+ return BadFontPath;
dir = *pdir;
strcpy(alias_file, directory);
if (!isFile) {
+ if (strlen(directory) + 1 + sizeof(FontAliasFile) > sizeof(alias_file))
+ return BadFontPath;
if (directory[strlen(directory) - 1] != '/')
strcat(alias_file, "/");
strcat(alias_file, FontAliasFile);
@@ -291,6 +303,10 @@ ReadFontAlias(char *directory, Bool isFile, FontDirectoryPtr *pdir)
status = AllocError;
break;
case NAME:
+ if (strlen(lexToken) >= sizeof(alias)) {
+ status = BadFontPath;
+ break;
+ }
strcpy(alias, lexToken);
token = lexAlias(file, &lexToken);
switch (token) {
@@ -307,6 +323,10 @@ ReadFontAlias(char *directory, Bool isFile, FontDirectoryPtr *pdir)
status = AllocError;
break;
case NAME:
+ if (strlen(lexToken) >= sizeof(font_name)) {
+ status = BadFontPath;
+ break;
+ }
CopyISOLatin1Lowered(alias, alias, strlen(alias));
CopyISOLatin1Lowered(font_name, lexToken, strlen(lexToken));
if (!FontFileAddFontAlias (dir, alias, font_name))
diff --git a/src/fontfile/fontfile.c b/src/fontfile/fontfile.c
index a0323be..22f844f 100644
--- a/src/fontfile/fontfile.c
+++ b/src/fontfile/fontfile.c
@@ -25,7 +25,7 @@ used in advertising or otherwise to promote the sale, use or other dealings
in this Software without prior written authorization from The Open Group.
*/
-/* $XFree86: xc/lib/font/fontfile/fontfile.c,v 3.21 2003/12/02 19:50:40 dawes Exp $ */
+/* $XFree86: xc/lib/font/fontfile/fontfile.c,v 3.22 2004/02/11 21:11:20 dawes Exp $ */
/*
* Author: Keith Packard, MIT X Consortium
@@ -423,11 +423,16 @@ FontFileOpenFont (pointer client, FontPathElementPtr fpe, Mask flags,
vals.ranges = ranges;
vals.nranges = nranges;
- strcpy (fileName, dir->directory);
- strcat (fileName, scalable->fileName);
- ret = (*scalable->renderer->OpenScalable) (fpe, pFont,
+ if (strlen(dir->directory) + strlen(scalable->fileName) >=
+ sizeof(fileName)) {
+ ret = BadFontName;
+ } else {
+ strcpy (fileName, dir->directory);
+ strcat (fileName, scalable->fileName);
+ ret = (*scalable->renderer->OpenScalable) (fpe, pFont,
flags, entry, fileName, &vals, format, fmask,
non_cachable_font);
+ }
/* In case rasterizer does something bad because of
charset subsetting... */
@@ -498,6 +503,8 @@ FontFileOpenBitmapNCF (FontPathElementPtr fpe, FontPtr *pFont,
bitmap = &entry->u.bitmap;
if(!bitmap || !bitmap->renderer->OpenBitmap)
return BadFontName;
+ if (strlen(dir->directory) + strlen(bitmap->fileName) >= sizeof(fileName))
+ return BadFontName;
strcpy (fileName, dir->directory);
strcat (fileName, bitmap->fileName);
ret = (*bitmap->renderer->OpenBitmap)
@@ -533,6 +540,8 @@ FontFileGetInfoBitmap (FontPathElementPtr fpe, FontInfoPtr pFontInfo,
bitmap = &entry->u.bitmap;
if (!bitmap || !bitmap->renderer->GetInfoBitmap)
return BadFontName;
+ if (strlen(dir->directory) + strlen(bitmap->fileName) >= sizeof(fileName))
+ return BadFontName;
strcpy (fileName, dir->directory);
strcat (fileName, bitmap->fileName);
ret = (*bitmap->renderer->GetInfoBitmap) (fpe, pFontInfo, entry, fileName);
@@ -872,10 +881,15 @@ FontFileListOneFontWithInfo (pointer client, FontPathElementPtr fpe,
bc = &entry->u.bc;
entry = bc->entry;
/* Make a new scaled instance */
- strcpy (fileName, dir->directory);
- strcat (fileName, scalable->fileName);
- ret = (*scalable->renderer->GetInfoScalable)
+ if (strlen(dir->directory) + strlen(scalable->fileName) >=
+ sizeof(fileName)) {
+ ret = BadFontName;
+ } else {
+ strcpy (fileName, dir->directory);
+ strcat (fileName, scalable->fileName);
+ ret = (*scalable->renderer->GetInfoScalable)
(fpe, *pFontInfo, entry, tmpName, fileName, &bc->vals);
+ }
break;
#endif
default:
@@ -980,10 +994,15 @@ FontFileListOneFontWithInfo (pointer client, FontPathElementPtr fpe,
vals.nranges = nranges;
/* Make a new scaled instance */
- strcpy (fileName, dir->directory);
- strcat (fileName, scalable->fileName);
- ret = (*scalable->renderer->GetInfoScalable)
- (fpe, *pFontInfo, entry, &tmpName, fileName, &vals);
+ if (strlen(dir->directory) + strlen(scalable->fileName) >=
+ sizeof(fileName)) {
+ ret = BadFontName;
+ } else {
+ strcpy (fileName, dir->directory);
+ strcat (fileName, scalable->fileName);
+ ret = (*scalable->renderer->GetInfoScalable)
+ (fpe, *pFontInfo, entry, &tmpName, fileName, &vals);
+ }
if (ranges) xfree(ranges);
}
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-22 16:37:33 +0000