author | Warner Losh <imp@FreeBSD.org> | 2019-06-25 06:13:56 +0000 |
---|---|---|
committer | Warner Losh <imp@FreeBSD.org> | 2019-06-25 06:13:56 +0000 |
commit | 912a01b36dfff365606ede479f4db2c29e0db601 (patch) | |
tree | d3e5c862acca67dbb20a34ec7838f85fbcbff20e /usr.bin/vtfontcvt | |
parent | f5a95d9a07941650493461c255408f5727d0638b (diff) | |
Replay r349333 by emaste accidentally reverted by r349352
vtfontcvt: improve .bdf validation
Previously if we had a FONTBOUNDINGBOX or DWIDTH entry that had missing
or invalid values and failed sscanf, we would proceed with
partially initialized bounding box / device width variables.
Reported by: afl (FONTBOUNDINGBOX)
MFC with: r349100
Sponsored by: The FreeBSD Foundation
Notes
Notes:
svn path=/head/; revision=349353
Diffstat (limited to 'usr.bin/vtfontcvt')
-rw-r--r-- | usr.bin/vtfontcvt/vtfontcvt.c | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/usr.bin/vtfontcvt/vtfontcvt.c b/usr.bin/vtfontcvt/vtfontcvt.c index 70ec7cf31812..e34308d5d365 100644 --- a/usr.bin/vtfontcvt/vtfontcvt.c +++ b/usr.bin/vtfontcvt/vtfontcvt.c @@ -335,9 +335,11 @@ parse_bdf(FILE *fp, unsigned int map_idx) break; } } - } else if (strncmp(ln, "FONTBOUNDINGBOX ", 16) == 0 && - sscanf(ln + 16, "%d %d %d %d", &fbbw, &fbbh, &fbbox, - &fbboy) == 4) { + } else if (strncmp(ln, "FONTBOUNDINGBOX ", 16) == 0) { + if (sscanf(ln + 16, "%d %d %d %d", &fbbw, &fbbh, &fbbox, + &fbboy) != 4) + errx(1, "invalid FONTBOUNDINGBOX at line %u", + linenum); set_width(fbbw); set_height(fbbh); break; @@ -353,8 +355,9 @@ parse_bdf(FILE *fp, unsigned int map_idx) linenum++; ln[length - 1] = '\0'; - if (strncmp(ln, "DWIDTH ", 7) == 0 && - sscanf(ln + 7, "%d %d", &dwidth, &dwy) == 2) { + if (strncmp(ln, "DWIDTH ", 7) == 0) { + if (sscanf(ln + 7, "%d %d", &dwidth, &dwy) != 2) + errx(1, "invalid DWIDTH at line %u", linenum); if (dwy != 0 || (dwidth != fbbw && dwidth * 2 != fbbw)) errx(1, "bitmap with unsupported DWIDTH %d %d at line %u", dwidth, dwy, linenum); |
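Review bot: The new `!= 4` test in the FONTBOUNDINGBOX branch rejects missing or non-numeric fields but not out-of-range ones. With `%d`, a number that does not fit in an int is undefined behaviour in C rather than a conversion failure, and negative or zero values convert cleanly and go straight to `set_width(fbbw)` / `set_height(fbbh)`. Those helpers are outside the hunk, so unless they already bound their argument, add a check after the sscanf such as `if (fbbw <= 0 || fbbh <= 0) errx(1, "invalid FONTBOUNDINGBOX at line %u", linenum);`, or parse the fields with strtol and test errno and the end pointer. The same gap applies to the `%d %d` read in the DWIDTH hunk. parse_bdf starts and ends outside the hunk.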
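Review bot: After the new DWIDTH check, `dwidth` is still an unbounded value from the font file when it reaches `dwidth * 2 != fbbw`, so a large DWIDTH overflows a signed int, which is undefined behaviour. The comparison can be written without the multiplication and accept the same inputs: `if (dwy != 0 || (dwidth != fbbw && (fbbw % 2 != 0 || dwidth != fbbw / 2)))`. It would also help to add a short comment above the test saying that only full-width and half-width glyphs relative to the bounding box are accepted, for example `/* DWIDTH must equal the font bounding box width or half of it. */`. The enclosing while loop and parse_bdf begin and end outside the hunk.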