about summary refs log tree commit diff
diff options
context:
space:
mode:
authorgiraffedata <giraffedata@9d0c8265-081b-0410-96cb-a4ca84ce46f8>2018-07-07 02:16:49 +0000
committergiraffedata <giraffedata@9d0c8265-081b-0410-96cb-a4ca84ce46f8>2018-07-07 02:16:49 +0000
commit15296514ef95b0a88b429013661b19465dbdd150 (patch)
tree11e4772a7ef02d2229ed4bf9cfdb15e8f575554e
parent81ba0303f29b08507cccad29eecf2b30b012df63 (diff)
downloadnetpbm-mirror-15296514ef95b0a88b429013661b19465dbdd150.tar.gz
netpbm-mirror-15296514ef95b0a88b429013661b19465dbdd150.tar.xz
netpbm-mirror-15296514ef95b0a88b429013661b19465dbdd150.zip
Release 10.83.01
git-svn-id: http://svn.code.sf.net/p/netpbm/code/advanced@3293 9d0c8265-081b-0410-96cb-a4ca84ce46f8
Diffstat
-rw-r--r--doc/HISTORY6
-rw-r--r--lib/libpbmfont.c38
-rw-r--r--version.mk2
3 files changed, 41 insertions, 5 deletions
diff --git a/doc/HISTORY b/doc/HISTORY
index f26ccb32..0b428c4a 100644
--- a/doc/HISTORY
+++ b/doc/HISTORY
@@ -4,6 +4,12 @@ Netpbm.
 CHANGE HISTORY 
 --------------
 
+18.07.07 BJH  Release 10.83.01
+
+              pbmtext; libnetpbm BDF font processing: fix invalid memory
+              reference when BDF font file has invalid syntax.  Broken
+              in primordial Netpbm, ca 1993.
+
 18.06.30 BJH  Release 10.83.00
 
               Add pamlevels.  Thanks Anton Shepelev <anton.txt@gmail.com>.
diff --git a/lib/libpbmfont.c b/lib/libpbmfont.c
index 8f308eda..24858b04 100644
--- a/lib/libpbmfont.c
+++ b/lib/libpbmfont.c
@@ -754,6 +754,8 @@ interpEncoding(const char **  const arg,
     bool badCodepoint;
     unsigned int codepoint;
 
+    if (!arg[1])
+        pm_error("Invalid ENCODING statement - no arguments");
     if (atoi(arg[1]) >= 0) {
         codepoint = atoi(arg[1]);
         gotCodepoint = true;
@@ -857,10 +859,14 @@ processChars(Readline *     const readlineP,
    just after the CHARS line.  Read the rest of the block and apply its
    contents to *fontP.
 -----------------------------------------------------------------------------*/
-    unsigned int const nCharacters = atoi(readlineP->arg[1]);
-
+    unsigned int nCharacters;
     unsigned int nCharsDone;
 
+    if (!readlineP->arg[1])
+        pm_error("Invalid CHARS line - no arguments");
+
+    nCharacters = atoi(readlineP->arg[1]);
+
     nCharsDone = 0;
 
     while (nCharsDone < nCharacters) {
@@ -874,6 +880,8 @@ processChars(Readline *     const readlineP,
             /* ignore */
         } else if (!streq(readlineP->arg[0], "STARTCHAR"))
             pm_error("no STARTCHAR after CHARS in BDF font file");
+        else if (!readlineP->arg[1])
+            pm_error("Invalid STARTCHAR - no arguments");
         else {
             const char * const charName = pm_strdup(readlineP->arg[1]);
 
@@ -900,12 +908,22 @@ processChars(Readline *     const readlineP,
                 readExpectedStatement(readlineP, "SWIDTH");
                     
                 readExpectedStatement(readlineP, "DWIDTH");
+                if (!readlineP->arg[1])
+                    pm_error("Invalid DWIDTH statement - no arguments");
                 glyphP->xadd = atoi(readlineP->arg[1]);
 
                 readExpectedStatement(readlineP, "BBX");
+                if (!readlineP->arg[1])
+                    pm_error("Invalid BBX statement - no arguments");
                 glyphP->width  = atoi(readlineP->arg[1]);
+                if (!readlineP->arg[2])
+                    pm_error("Invalid BBX statement - only 1 argument");
                 glyphP->height = atoi(readlineP->arg[2]);
+                if (!readlineP->arg[3])
+                    pm_error("Invalid BBX statement - only 2 arguments");
                 glyphP->x      = atoi(readlineP->arg[3]);
+                if (!readlineP->arg[4])
+                    pm_error("Invalid BBX statement - only 3 arguments");
                 glyphP->y      = atoi(readlineP->arg[4]);
 
                 validateGlyphLimits(fontP, glyphP, charName);
@@ -948,9 +966,13 @@ processBdfFontLine(Readline     * const readlineP,
         /* ignore */
     } else if (streq(readlineP->arg[0], "STARTPROPERTIES")) {
         /* Read off the properties and ignore them all */
-        unsigned int const propCount = atoi(readlineP->arg[1]);
-
+        unsigned int propCount;
         unsigned int i;
+
+        if (!readlineP->arg[1])
+            pm_error("Invalid STARTPROPERTIES statement - no arguments");
+        propCount = atoi(readlineP->arg[1]);
+
         for (i = 0; i < propCount; ++i) {
             bool eof;
             readline_read(readlineP, &eof);
@@ -958,9 +980,17 @@ processBdfFontLine(Readline     * const readlineP,
                 pm_error("End of file after STARTPROPERTIES in BDF font file");
         }
     } else if (streq(readlineP->arg[0], "FONTBOUNDINGBOX")) {
+        if (!readlineP->arg[1])
+            pm_error("Invalid FONTBOUNDINGBOX  statement - no arguments");
         fontP->maxwidth  = atoi(readlineP->arg[1]);
+        if (!readlineP->arg[2])
+            pm_error("Invalid FONTBOUNDINGBOX  statement - only 1 argument");
         fontP->maxheight = atoi(readlineP->arg[2]);
+        if (!readlineP->arg[3])
+            pm_error("Invalid FONTBOUNDINGBOX  statement - only 2 arguments");
         fontP->x = atoi(readlineP->arg[3]);
+        if (!readlineP->arg[4])
+            pm_error("Invalid FONTBOUNDINGBOX  statement - only 3 arguments");
         fontP->y = atoi(readlineP->arg[4]);
         validateFontLimits(fontP);
     } else if (streq(readlineP->arg[0], "ENDPROPERTIES")) {
diff --git a/version.mk b/version.mk
index 38f009f0..7275fd3f 100644
--- a/version.mk
+++ b/version.mk
@@ -1,3 +1,3 @@
 NETPBM_MAJOR_RELEASE = 10
 NETPBM_MINOR_RELEASE = 83
-NETPBM_POINT_RELEASE = 0
+NETPBM_POINT_RELEASE = 1
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-07-02 18:02:26 +0000