-rw-r--r-- | doc/HISTORY | 6 | ||||
-rw-r--r-- | lib/libpbmfont.c | 38 | ||||
-rw-r--r-- | version.mk | 2 |
3 files changed, 41 insertions, 5 deletions
diff --git a/doc/HISTORY b/doc/HISTORY index f26ccb32..0b428c4a 100644 --- a/doc/HISTORY +++ b/doc/HISTORY @@ -4,6 +4,12 @@ Netpbm. CHANGE HISTORY -------------- +18.07.07 BJH Release 10.83.01 + + pbmtext; libnetpbm BDF font processing: fix invalid memory + reference when BDF font file has invalid syntax. Broken + in primordial Netpbm, ca 1993. + 18.06.30 BJH Release 10.83.00 Add pamlevels. Thanks Anton Shepelev <anton.txt@gmail.com>. diff --git a/lib/libpbmfont.c b/lib/libpbmfont.c index 8f308eda..24858b04 100644 --- a/lib/libpbmfont.c +++ b/lib/libpbmfont.c @@ -754,6 +754,8 @@ interpEncoding(const char ** const arg, bool badCodepoint; unsigned int codepoint; + if (!arg[1]) + pm_error("Invalid ENCODING statement - no arguments"); if (atoi(arg[1]) >= 0) { codepoint = atoi(arg[1]); gotCodepoint = true; @@ -857,10 +859,14 @@ processChars(Readline * const readlineP, just after the CHARS line. Read the rest of the block and apply its contents to *fontP. -----------------------------------------------------------------------------*/ - unsigned int const nCharacters = atoi(readlineP->arg[1]); - + unsigned int nCharacters; unsigned int nCharsDone; + if (!readlineP->arg[1]) + pm_error("Invalid CHARS line - no arguments"); + + nCharacters = atoi(readlineP->arg[1]); + nCharsDone = 0; while (nCharsDone < nCharacters) { @@ -874,6 +880,8 @@ processChars(Readline * const readlineP, /* ignore */ } else if (!streq(readlineP->arg[0], "STARTCHAR")) pm_error("no STARTCHAR after CHARS in BDF font file"); + else if (!readlineP->arg[1]) + pm_error("Invalid STARTCHAR - no arguments"); else { const char * const charName = pm_strdup(readlineP->arg[1]); 
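Review bot: The new `arg[1]` guard in interpEncoding stops the NULL dereference, but the token is still parsed twice with `atoi`, which cannot tell a non-numeric token from 0 and has undefined behaviour when the number does not fit in an `int`. Since a BDF font file can come from an untrusted source, I would parse once with `strtol`, require `end != arg[1] && *end == '\0'` plus a range check, and call `pm_error` otherwise. The same applies to the other `atoi` calls on `readlineP->arg[]` in the later hunks of this file. interpEncoding continues outside the hunk, so whether the negative-codepoint branch guards its own argument is not visible here.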
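Review bot: `nCharacters = atoi(readlineP->arg[1]);` stores a signed result in an `unsigned int`, so a CHARS line with a negative count becomes a very large bound for `while (nCharsDone < nCharacters)` instead of being rejected as invalid syntax. Parsing into an `int` first and failing on a negative value would close that, e.g. `int const n = atoi(readlineP->arg[1]); if (n < 0) pm_error("Invalid CHARS line - negative count");`. `propCount` in the STARTPROPERTIES hunk of processBdfFontLine has the same conversion; the visible loop there stops with an error at end of file, but the count should still be validated. processChars starts before this hunk and continues past it.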
@@ -900,12 +908,22 @@ processChars(Readline * const readlineP, readExpectedStatement(readlineP, "SWIDTH"); readExpectedStatement(readlineP, "DWIDTH"); + if (!readlineP->arg[1]) + pm_error("Invalid DWIDTH statement - no arguments"); glyphP->xadd = atoi(readlineP->arg[1]); readExpectedStatement(readlineP, "BBX"); + if (!readlineP->arg[1]) + pm_error("Invalid BBX statement - no arguments"); glyphP->width = atoi(readlineP->arg[1]); + if (!readlineP->arg[2]) + pm_error("Invalid BBX statement - only 1 argument"); glyphP->height = atoi(readlineP->arg[2]); + if (!readlineP->arg[3]) + pm_error("Invalid BBX statement - only 2 arguments"); glyphP->x = atoi(readlineP->arg[3]); + if (!readlineP->arg[4]) + pm_error("Invalid BBX statement - only 3 arguments"); glyphP->y = atoi(readlineP->arg[4]); validateGlyphLimits(fontP, glyphP, charName); @@ -948,9 +966,13 @@ processBdfFontLine(Readline * const readlineP, /* ignore */ } else if (streq(readlineP->arg[0], "STARTPROPERTIES")) { /* Read off the properties and ignore them all */ - unsigned int const propCount = atoi(readlineP->arg[1]); - + unsigned int propCount; unsigned int i; + + if (!readlineP->arg[1]) + pm_error("Invalid STARTPROPERTIES statement - no arguments"); + propCount = atoi(readlineP->arg[1]); + for (i = 0; i < propCount; ++i) { bool eof; readline_read(readlineP, &eof); 
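Review bot: The BBX block interleaves four separate NULL checks with the four assignments, which is easy to get out of step when a statement gains or loses an argument; a small helper that verifies the argument count once, before any field is read, would be shorter and give one consistent message. The FONTBOUNDINGBOX hunk in processBdfFontLine repeats the same pattern and could call the same helper, as could the single-argument checks for DWIDTH, CHARS and STARTPROPERTIES. These checks also depend on the line reader leaving unused `arg[]` slots NULL for every line it reads, which is outside this diff and worth confirming. processChars begins and ends outside the hunk.

```c
static void
validateArgCt(const Readline * const readlineP,
              const char *     const statement,
              unsigned int     const nRequired) {
/* Abort unless the current line has at least 'nRequired' arguments
   after the statement keyword in arg[0].
*/
    unsigned int i;

    for (i = 1; i <= nRequired; ++i) {
        if (!readlineP->arg[i])
            pm_error("Invalid %s statement - %u arguments required, "
                     "only %u present", statement, nRequired, i - 1);
    }
}

/* … unchanged: SWIDTH and DWIDTH handling … */
readExpectedStatement(readlineP, "BBX");
validateArgCt(readlineP, "BBX", 4);
glyphP->width  = atoi(readlineP->arg[1]);
glyphP->height = atoi(readlineP->arg[2]);
glyphP->x      = atoi(readlineP->arg[3]);
glyphP->y      = atoi(readlineP->arg[4]);
```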
@@ -958,9 +980,17 @@ processBdfFontLine(Readline * const readlineP, pm_error("End of file after STARTPROPERTIES in BDF font file"); } } else if (streq(readlineP->arg[0], "FONTBOUNDINGBOX")) { + if (!readlineP->arg[1]) + pm_error("Invalid FONTBOUNDINGBOX statement - no arguments"); fontP->maxwidth = atoi(readlineP->arg[1]); + if (!readlineP->arg[2]) + pm_error("Invalid FONTBOUNDINGBOX statement - only 1 argument"); fontP->maxheight = atoi(readlineP->arg[2]); + if (!readlineP->arg[3]) + pm_error("Invalid FONTBOUNDINGBOX statement - only 2 arguments"); fontP->x = atoi(readlineP->arg[3]); + if (!readlineP->arg[4]) + pm_error("Invalid FONTBOUNDINGBOX statement - only 3 arguments"); fontP->y = atoi(readlineP->arg[4]); validateFontLimits(fontP); } else if (streq(readlineP->arg[0], "ENDPROPERTIES")) { diff --git a/version.mk b/version.mk index 38f009f0..7275fd3f 100644 --- a/version.mk +++ b/version.mk @@ -1,3 +1,3 @@ NETPBM_MAJOR_RELEASE = 10 NETPBM_MINOR_RELEASE = 83 -NETPBM_POINT_RELEASE = 0 +NETPBM_POINT_RELEASE = 1 |