diff options
Diffstat (limited to 'libXfont/src/fontfile')
-rw-r--r-- | libXfont/src/fontfile/bufio.c | 6 | ||||
-rw-r--r-- | libXfont/src/fontfile/catalogue.c | 9 | ||||
-rw-r--r-- | libXfont/src/fontfile/dirfile.c | 12 | ||||
-rw-r--r-- | libXfont/src/fontfile/fontdir.c | 5 |
4 files changed, 17 insertions, 15 deletions
diff --git a/libXfont/src/fontfile/bufio.c b/libXfont/src/fontfile/bufio.c index 34b7f3665..d8d4f2964 100644 --- a/libXfont/src/fontfile/bufio.c +++ b/libXfont/src/fontfile/bufio.c @@ -162,8 +162,10 @@ BufFileOpenWrite (int fd) setmode(fd,O_BINARY); #endif f = BufFileCreate ((char *)(long) fd, 0, BufFileRawFlush, 0, BufFileFlush); - f->bufp = f->buffer; - f->left = BUFFILESIZE; + if (f != NULL) { + f->bufp = f->buffer; + f->left = BUFFILESIZE; + } return f; } diff --git a/libXfont/src/fontfile/catalogue.c b/libXfont/src/fontfile/catalogue.c index 09ca2ae8a..623093011 100644 --- a/libXfont/src/fontfile/catalogue.c +++ b/libXfont/src/fontfile/catalogue.c @@ -287,7 +287,6 @@ CatalogueOpenFont (pointer client, FontPathElementPtr fpe, Mask flags, { CataloguePtr cat = fpe->private; FontPathElementPtr subfpe; - FontDirectoryPtr dir; int i, status; CatalogueRescan (fpe, FALSE); @@ -295,7 +294,6 @@ CatalogueOpenFont (pointer client, FontPathElementPtr fpe, Mask flags, for (i = 0; i < cat->fpeCount; i++) { subfpe = cat->fpeList[i]; - dir = subfpe->private; status = FontFileOpenFont(client, subfpe, flags, name, namelen, format, fmask, id, pFont, aliasName, non_cachable_font); @@ -321,7 +319,6 @@ CatalogueListFonts (pointer client, FontPathElementPtr fpe, char *pat, { CataloguePtr cat = fpe->private; FontPathElementPtr subfpe; - FontDirectoryPtr dir; int i; CatalogueRescan (fpe, FALSE); @@ -329,18 +326,12 @@ CatalogueListFonts (pointer client, FontPathElementPtr fpe, char *pat, for (i = 0; i < cat->fpeCount; i++) { subfpe = cat->fpeList[i]; - dir = subfpe->private; FontFileListFonts(client, subfpe, pat, len, max, names); } return Successful; } -int -FontFileStartListFonts(pointer client, FontPathElementPtr fpe, - char *pat, int len, int max, - pointer *privatep, int mark_aliases); - typedef struct _LFWIData { pointer *privates; int current; diff --git a/libXfont/src/fontfile/dirfile.c b/libXfont/src/fontfile/dirfile.c index c8aff6f4f..639310c31 100644 --- a/libXfont/src/fontfile/dirfile.c +++ b/libXfont/src/fontfile/dirfile.c @@ -42,6 +42,7 @@ in this Software without prior written authorization from The Open Group. #include <sys/types.h> #include <sys/stat.h> #include <errno.h> +#include <limits.h> static Bool AddFileNameAliases ( FontDirectoryPtr dir ); static int ReadFontAlias ( char *directory, Bool isFile, @@ -90,7 +91,7 @@ FontFileReadDirectory (char *directory, FontDirectoryPtr *pdir) strcat(dir_file, FontDirFile); file = fopen(dir_file, "rt"); if (file) { -#ifndef WIN32 +#ifndef WIN32 if (fstat (fileno(file), &statb) == -1) #else if (stat (dir_file, &statb) == -1) @@ -135,7 +136,7 @@ FontFileReadDirectory (char *directory, FontDirectoryPtr *pdir) FontFileAddFontFile (dir, font_name, file_name); } fclose(file); - + } else if (errno != ENOENT) { return BadFontPath; } @@ -188,7 +189,7 @@ FontFileDirectoryChanged(FontDirectoryPtr dir) return TRUE; return FALSE; } - + /* * Make each of the file names an automatic alias for each of the files. */ @@ -212,7 +213,7 @@ AddFileNameAliases(FontDirectoryPtr dir) renderer = FontFileMatchRenderer (fileName); if (!renderer) continue; - + len = strlen (fileName) - renderer->fileSuffixLen; if (len >= sizeof(copy)) continue; @@ -374,6 +375,9 @@ lexAlias(FILE *file, char **lexToken) int nsize; char *nbuf; + if (tokenSize >= (INT_MAX >> 2)) + /* Stop before we overflow */ + return EALLOC; nsize = tokenSize ? (tokenSize << 1) : 64; nbuf = realloc(tokenBuf, nsize); if (!nbuf) diff --git a/libXfont/src/fontfile/fontdir.c b/libXfont/src/fontfile/fontdir.c index ef7ffa561..7271603ec 100644 --- a/libXfont/src/fontfile/fontdir.c +++ b/libXfont/src/fontfile/fontdir.c @@ -177,6 +177,11 @@ FontFileAddEntry(FontTablePtr table, FontEntryPtr prototype) if (table->sorted) return (FontEntryPtr) 0; /* "cannot" happen */ if (table->used == table->size) { + if (table->size >= ((INT32_MAX / sizeof(FontEntryRec)) - 100)) + /* If we've read so many entries we're going to ask for 2gb + or more of memory, something is so wrong with this font + directory that we should just give up before we overflow. */ + return NULL; newsize = table->size + 100; entry = realloc(table->entries, newsize * sizeof(FontEntryRec)); if (!entry) |