From: GitHub <no...@gi...> - 2018-03-11 22:04:00
Branch: refs/heads/master
Home: https://github.com/libming/libming

Commit: cff9a3bd2c428ad0cd8c8deb538031e11f29a0fe
https://github.com/libming/libming/commit/cff9a3bd2c428ad0cd8c8deb538031e11f29a0fe
Author: Hugo Lefeuvre <hl...@de...>
Date: 2018-03-11 (Sun, 11 Mar 2018)

Changed paths:
M NEWS
M util/listfdb.c

Log Message:
-----------
Fix heap buffer overflow in listfdb.c

listfdb reads nGlyphs + 1 glyphs and stores them in an array of size
nGlyphs*sizeof(int), resulting in a heap buffer overflow.

In this commit we replace for(i=0; i<=nGlyphs; ++i) by
for(i=0; i < nGlyphs; ++i) so that only nGlyphs glyphs are read.

This patch addresses CVE-2018-6358 (fixes #104).

Commit: c622cfcedef8c905776fcd9d70b8c1d115ba99b0
https://github.com/libming/libming/commit/c622cfcedef8c905776fcd9d70b8c1d115ba99b0
Author: Hugo Lefeuvre <hl...@de...>
Date: 2018-03-11 (Sun, 11 Mar 2018)

Changed paths:
M NEWS
M util/Makefile.am
M util/listfdb.c
M util/read.h

Log Message:
-----------
Fix code duplication issue in listfdb

listfdb is shipping a large portion of duplicate code from the read
module. This is a major security flaw given that the copied source code
is affected by a large number of security issues (actually, almost all
issues discovered in read.c for a long long time).

In this patch we remove the duplicate code from listfdb. In order to do
this we:
- Link again read.h
- Add the required dependency in util/Makefile.am
- Make the bufbits variable extern in read.h

This patch fixes #107 and #106 (and probably a *lot* of other issues).

Commit: 03498cf4e0319d8836aba96ce8a817beaabb441e
https://github.com/libming/libming/commit/03498cf4e0319d8836aba96ce8a817beaabb441e
Author: Hugo Lefeuvre <hl...@de...>
Date: 2018-03-11 (Sun, 11 Mar 2018)

Changed paths:
M NEWS
M util/listfdb.c
M util/main.c

Log Message:
-----------
Fix various compiler warnings.

Remove useless variables blockstart, blockoffset and here.

Commit: c4d20b127bac8cfd13fc7a965f3ffdf3d59e5793
https://github.com/libming/libming/commit/c4d20b127bac8cfd13fc7a965f3ffdf3d59e5793
Author: Sandro Santilli <st...@kb...>
Date: 2018-03-11 (Sun, 11 Mar 2018)

Changed paths:
M NEWS
M util/Makefile.am
M util/listfdb.c
M util/main.c
M util/read.h

Log Message:
-----------
Merge pull request #124 from hlef/master

Fix several issues in listfdb and some compiler warnings

Compare: https://github.com/libming/libming/compare/dacce30cc095...c4d20b127bac
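
The off-by-one described in the first commit message, modelled as an added example that is not code from libming or from these commits. It runs the read loop with both bounds against a guarded table and counts the stores that would land outside an nGlyphs*sizeof(int) allocation. The names `table`, `table_set` and `fill_offsets` and the 16-bit little-endian input layout are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed model, not listfdb.c: a table of nGlyphs ints filled from a
 * byte buffer of 16-bit little-endian values (assumed layout). */
struct table { int *data; size_t cap; size_t oob; };

/* Guarded store: counts an out-of-bounds index instead of writing through it. */
static void table_set(struct table *t, size_t i, int v)
{
    if (i < t->cap) t->data[i] = v; else t->oob++;
}

/* Runs the read loop with either bound and returns how many stores fell
 * outside the allocation. inclusive=1 is "i <= nGlyphs", 0 is "i < nGlyphs".
 * Returns -1 on bad input: size overflow, failed allocation, short buffer. */
long fill_offsets(const uint8_t *buf, size_t len, size_t nGlyphs, int inclusive)
{
    struct table t = { NULL, nGlyphs, 0 };
    size_t count = nGlyphs + (inclusive ? 1 : 0);

    if (nGlyphs == 0 || nGlyphs > SIZE_MAX / sizeof(int)) return -1;
    if (count > len / 2) return -1;          /* not enough input for the loop */
    t.data = malloc(nGlyphs * sizeof(int));  /* same sizing as in the message */
    if (t.data == NULL) return -1;

    for (size_t i = 0; i < count; ++i)
        table_set(&t, i, buf[2 * i] | (buf[2 * i + 1] << 8));

    free(t.data);
    return (long)t.oob;
}

int main(void)
{
    /* Constructed input: five 16-bit values, enough for nGlyphs = 4 plus one. */
    const uint8_t buf[] = { 1,0, 2,0, 3,0, 4,0, 5,0 };
    printf("i <= nGlyphs: %ld out-of-bounds store(s)\n", fill_offsets(buf, sizeof buf, 4, 1));
    printf("i <  nGlyphs: %ld out-of-bounds store(s)\n", fill_offsets(buf, sizeof buf, 4, 0));
    return 0;
}
```

Building a real reader with `-fsanitize=address` reports the same extra store as a heap-buffer-overflow without needing the guard.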