Date: Sun, 16 Jun 2019 13:35:53 +0000 (UTC) From: Ed Maste <emaste@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r349107 - head/usr.bin/vtfontcvt Message-ID: <201906161335.x5GDZrq3080709@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: emaste Date: Sun Jun 16 13:35:53 2019 New Revision: 349107 URL: https://svnweb.freebsd.org/changeset/base/349107 Log: vtfontcvt: improve .bdf verification Previously we would crash if the BBX y-offset was outside of the font bounding box. Reported by: afl MFC with: r349100 Event: Berlin Devsummit 2019 Sponsored by: The FreeBSD Foundation Modified: head/usr.bin/vtfontcvt/vtfontcvt.c Modified: head/usr.bin/vtfontcvt/vtfontcvt.c ============================================================================== --- head/usr.bin/vtfontcvt/vtfontcvt.c Sun Jun 16 12:44:49 2019 (r349106) +++ head/usr.bin/vtfontcvt/vtfontcvt.c Sun Jun 16 13:35:53 2019 (r349107) @@ -383,7 +383,8 @@ parse_bdf(FILE *fp, unsigned int map_idx) sscanf(ln + 4, "%d %d %d %d", &bbw, &bbh, &bbox, &bboy) == 4) { if (bbw < 1 || bbh < 1 || bbw > fbbw || bbh > fbbh || - bbox < fbbox || bboy < fbboy) + bbox < fbbox || bboy < fbboy || + bbh + bboy > fbbh + fbboy) errx(1, "broken bitmap with BBX %d %d %d %d at line %u", bbw, bbh, bbox, bboy, linenum); bbwbytes = howmany(bbw, 8);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201906161335.x5GDZrq3080709>