diff options
author | a_kovalenko <a_kovalenko> | 2002-06-26 22:12:43 (GMT) |
---|---|---|
committer | a_kovalenko <a_kovalenko> | 2002-06-26 22:12:43 (GMT) |
commit | 8ed012189029d6c2bb809677a0f8f3a1012538a8 (patch) | |
tree | 54c2d6c93fcd695320e9f4ff0796e41a72a7a215 | |
parent | 8007af70baf500ee3ccd58b826390de63da6f5d7 (diff) | |
download | tk-8ed012189029d6c2bb809677a0f8f3a1012538a8.zip tk-8ed012189029d6c2bb809677a0f8f3a1012538a8.tar.gz tk-8ed012189029d6c2bb809677a0f8f3a1012538a8.tar.bz2 |
Fixed potential buffer overflow from patch#546910
-rw-r--r-- | ChangeLog | 7 | ||||
-rw-r--r-- | generic/tkFont.c | 4 |
2 files changed, 9 insertions, 2 deletions
@@ -1,5 +1,12 @@ 2002-06-26 Anton Kovalenko <a_kovalenko@users.sourceforge.net> + * generic/tkFont.c (TkTextLayoutToPostscript): fixed potential + buffer overflow which could be intentionally triggered from + within safe interpreter -- malicious applet could modify + tk::psglyphs array. + +2002-06-26 Anton Kovalenko <a_kovalenko@users.sourceforge.net> + * tests/font.test (font-32.1): updated this test to expect the new behavior of canvas postscript. diff --git a/generic/tkFont.c b/generic/tkFont.c index 90914d2..31571d1 100644 --- a/generic/tkFont.c +++ b/generic/tkFont.c @@ -11,7 +11,7 @@ * See the file "license.terms" for information on usage and redistribution * of this file, and for a DISCLAIMER OF ALL WARRANTIES. * - * RCS: @(#) $Id: tkFont.c,v 1.15 2002/06/25 16:27:43 a_kovalenko Exp $ + * RCS: @(#) $Id: tkFont.c,v 1.16 2002/06/26 22:12:43 a_kovalenko Exp $ */ #include "tkPort.h" @@ -2827,7 +2827,7 @@ Tk_TextLayoutToPostscript(interp, layout) else buf[used++] = ')'; buf[used++] = '/'; - while( *glyphname ) + while( (*glyphname) && (used < (MAXUSE+27))) buf[used++] = *glyphname++ ; buf[used++] = '('; } |