Commit [d50207]

various overflow cases found by fuzzing

Credits:
Tim Blazytko
Cornelius Aschermann
Sergej Schumilo
Nils Bars

Bug 2088: term.c(strlen_tex)
Bug 2089: metapost.trm tgif.trm (arbitrarily long font name)
Bug 2092: cgm.trm overwrites trailing '\0' in default font name
also context.trm emf.trm
Bug 2094: also post.trm
Bug 2093: datafile.c expand df_line on input as necessary to hold string data
Bug 2095: eepic.trm (EEPIC_put_text) ignore request to print empty string

Ethan A Merritt 2018-11-19

changed src/datafile.c
changed src/set.c
changed src/term.c
changed term/cgm.trm
changed term/context.trm
changed term/eepic.trm
changed term/emf.trm
changed term/metapost.trm
changed term/post.trm
changed term/tgif.trm