-rw-r--r--ChangeLog7
-rw-r--r--generic/tkFont.c4
2 files changed, 9 insertions, 2 deletions
diff --git a/ChangeLog b/ChangeLog
index c5c7363..e299722 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,12 @@
2002-06-26 Anton Kovalenko <a_kovalenko@users.sourceforge.net>
+ * generic/tkFont.c (TkTextLayoutToPostscript): fixed potential
+ buffer overflow which could be intentionally triggered from
+ within safe interpreter -- malicious applet could modify
+ tk::psglyphs array.
+
+2002-06-26 Anton Kovalenko <a_kovalenko@users.sourceforge.net>
+
* tests/font.test (font-32.1): updated this test
to expect the new behavior of canvas postscript.
diff --git a/generic/tkFont.c b/generic/tkFont.c
index 90914d2..31571d1 100644
--- a/generic/tkFont.c
+++ b/generic/tkFont.c
@@ -11,7 +11,7 @@
* See the file "license.terms" for information on usage and redistribution
* of this file, and for a DISCLAIMER OF ALL WARRANTIES.
*
- * RCS: @(#) $Id: tkFont.c,v 1.15 2002/06/25 16:27:43 a_kovalenko Exp $
+ * RCS: @(#) $Id: tkFont.c,v 1.16 2002/06/26 22:12:43 a_kovalenko Exp $
*/
#include "tkPort.h"
@@ -2827,7 +2827,7 @@ Tk_TextLayoutToPostscript(interp, layout)
else
buf[used++] = ')';
buf[used++] = '/';
- while( *glyphname )
+ while( (*glyphname) && (used < (MAXUSE+27)))
buf[used++] = *glyphname++ ;
buf[used++] = '(';
}
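Review bot: The new bound `used < (MAXUSE+27)` in the glyph-name copy loop is a bare constant whose correctness depends on the declared size of `buf`, which is outside this hunk, and on the one extra byte that the following `buf[used++] = '(';` writes. If `buf` is a fixed-size local array, tying the limit to it, e.g. `while (*glyphname && used < (int) sizeof(buf) - 2)` with a comment such as `/* leave room for the '(' below and the terminator */`, would keep the check valid if the buffer size ever changes. The loop also truncates an over-long name silently, so a cut-off glyph name is still emitted into the PostScript output; since the ChangeLog says these names come from the `tk::psglyphs` array that a safe interpreter can modify, rejecting the entry and checking that the name holds only the expected characters may be safer than copying a prefix. The `')'` and `'/'` writes just above the loop are not covered by the new check, and whether they are bounded depends on code outside the hunk.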