diff options
| -rw-r--r-- | ChangeLog | 7 | ||||
| -rw-r--r-- | generic/tkFont.c | 4 |
2 files changed, 9 insertions, 2 deletions
@@ -1,5 +1,12 @@ 2002-06-26 Anton Kovalenko <a_kovalenko@users.sourceforge.net> + * generic/tkFont.c (TkTextLayoutToPostscript): fixed potential + buffer overflow which could be intentionally triggered from + within safe interpreter -- malicious applet could modify + tk::psglyphs array. + +2002-06-26 Anton Kovalenko <a_kovalenko@users.sourceforge.net> + * tests/font.test (font-32.1): updated this test to expect the new behavior of canvas postscript. diff --git a/generic/tkFont.c b/generic/tkFont.c index 90914d2..31571d1 100644 --- a/generic/tkFont.c +++ b/generic/tkFont.c @@ -11,7 +11,7 @@ * See the file "license.terms" for information on usage and redistribution * of this file, and for a DISCLAIMER OF ALL WARRANTIES. * - * RCS: @(#) $Id: tkFont.c,v 1.15 2002/06/25 16:27:43 a_kovalenko Exp $ + * RCS: @(#) $Id: tkFont.c,v 1.16 2002/06/26 22:12:43 a_kovalenko Exp $ */ #include "tkPort.h" @@ -2827,7 +2827,7 @@ Tk_TextLayoutToPostscript(interp, layout) else buf[used++] = ')'; buf[used++] = '/'; - while( *glyphname ) + while( (*glyphname) && (used < (MAXUSE+27))) buf[used++] = *glyphname++ ; buf[used++] = '('; } |