| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Functions to handle replies to font server requests were casting replies
from the generic form to reply specific structs without first checking
that the reply was at least as long as the struct being cast to.
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
|
|
The connection setup reply from the font server can include a list
of alternate servers to contact if this font server stops working.
The reply specifies a total size of all the font server names, and
then provides a list of names. _fs_recv_conn_setup() allocated the
specified total size for copying the names to, but didn't check to
make sure it wasn't copying more data to that buffer than the size
it had allocated.
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
|
|
lexAlias() reads from a file in a loop. It does this by starting with a
64 byte buffer. If that size limit is hit, it does a realloc of the
buffer size << 1, basically doubling the needed length every time the
length limit is hit.
Eventually, this will shift out to 0 (for a length of ~4gig), and that
length will be passed on to realloc(). A length of 0 (with a valid
pointer) causes realloc to free the buffer on most POSIX platforms,
but the caller will still have a pointer to it, leading to use after
free issues.
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
|
|
FontFileReadDirectory() opens a fonts.dir file, and reads over every
line in an fscanf loop. For each successful entry read (font name,
file name) a call is made to FontFileAddFontFile().
FontFileAddFontFile() will add a font file entry (for the font name
and file) each time it’s called, by calling FontFileAddEntry().
FontFileAddEntry() will do the actual adding. If the table it has
to add to is full, it will do a realloc, adding 100 more entries
to the table size without checking to see if that will overflow the
int used to store the size.
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
|
|
When _fs_load_glyphs calls fs_send_open_font with FontReopen set, it
passes a NULL name and namelen of 0, since fs_send_open_font is going
to reuse the previous name.
This overly restrictive check was added in XFree86 4.3.99.12:
http://cvsweb.xfree86.org/cvsweb/xc/lib/font/fc/fserve.c.diff?r1=3.23&r2=3.24
http://cvsweb.xfree86.org/cvsweb/xc/lib/font/fc/fserve.c?rev=3.24&content-type=text/vnd.viewcvs-markup
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Instead of editing fsio.h to turn on debugging logs, just add
-DDEBUG to CPPFLAGS when building.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Fixes clang analyzer warning:
bufio.c:165:13: warning: Access to field 'bufp' results in a dereference
of a null pointer (loaded from variable 'f')
f->bufp = f->buffer;
~ ^
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Thomas Klausner <wiz@NetBSD.org>
|
|
"FreeType" is only eight bytes long. The atom "FreeType\x00\x??" is
probably not what the author intended.
Signed-off-by: Peter Harris <pharris@opentext.com>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Many const char issues.
One extra 'i' declared in ScaleFont; we can just use the same 'i' as
exists at the top level scope.
Also ignore bad-function-cast in ftfuncs.c and bitscale.c because
we're casting the return value from floor or ceil from double to
int. As floor and ceil are kinda designed to generate integer results,
it's pretty clear that we're doing what we want and that the compiler
is generating noise. I'm not sure why bad-function-cast is ever a good
warning to turn on, but I'll leave that for another day.
Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Gaetan Nadon <memsize@videotron.ca>
|
|
Found by cppcheck 1.63:
[FreeType/xttcap.c:621] -> [FreeType/xttcap.c:624]: (performance)
Variable 'len' is reassigned a value before the old one has been used.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Jasper St. Pierre <jstpierre@mecheye.net>
|
|
Quiets cppcheck 1.63 warning:
[fc/fserve.c:2972]: (error) Uninitialized variable: lcreq
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Jasper St. Pierre <jstpierre@mecheye.net>
|
|
Fixes gcc warning:
catalogue.c:336:1: warning: redundant redeclaration of
'FontFileStartListFonts' [-Wredundant-decls]
In file included from ../../include/X11/fonts/fntfilst.h:40:0,
from catalogue.c:32:
../../include/X11/fonts/fntfil.h:92:12: note: previous declaration
of 'FontFileStartListFonts' was here
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Jasper St. Pierre <jstpierre@mecheye.net>
|
|
catalogue.c: In function 'CatalogueOpenFont':
catalogue.c:290:22: warning: variable 'dir' set but not used [-Wunused-but-set-variable]
catalogue.c: In function 'CatalogueListFonts':
catalogue.c:324:22: warning: variable 'dir' set but not used [-Wunused-but-set-variable]
fpe.c: In function 'BuiltinResetFPE':
fpe.c:57:22: warning: variable 'dir' set but not used [-Wunused-but-set-variable]
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Jasper St. Pierre <jstpierre@mecheye.net>
|
|
None of these could currently result in buffer overflow, as the input
and output buffers were the same size, but adding limits helps ensure
we keep it that way, if we ever resize any of these in the future.
Fixes cppcheck warnings:
[lib/libXfont/src/bitmap/bdfread.c:547]: (warning)
scanf without field width limits can crash with huge input data.
[lib/libXfont/src/bitmap/bdfread.c:553]: (warning)
scanf without field width limits can crash with huge input data.
[lib/libXfont/src/bitmap/bdfread.c:636]: (warning)
scanf without field width limits can crash with huge input data.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
Reviewed-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
|
|
Fixes cppcheck warning:
[lib/libXfont/src/bitmap/bdfread.c:341]: (warning)
scanf without field width limits can crash with huge input data.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
Reviewed-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
|
|
In ftfuncs.c, since the buffer being reallocated is a function local
buffer, used to accumulate data for a single run of the function and
then freed at the end of the function, we just free the old buffer if
realloc fails.
In atom.c however, the ReverseMap is a static buffer, so we operate in
temporary variables until we know we're successful, then update the
static variables. If we fail, we leave the old static variables in place,
since they contain data about previous atoms we should maintain, not lose.
Reported by cppcheck:
[lib/libXfont/src/FreeType/ftfuncs.c:2122]: (error) Common realloc mistake:
'ranges' nulled but not freed upon failure
[lib/libXfont/src/util/atom.c:126]: (error) Common realloc mistake:
'reverseMap' nulled but not freed upon failure
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
|
|
Makes the definition match other declarations, and xserver's definition.
Debian bug#689439
Reported-by: Michael Tautschnig <mt@debian.org>
Signed-off-by: Julien Cristau <jcristau@debian.org>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Missed in xalloc -> malloc etal conversion in 0cdc9b8f850342
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Jasper St. Pierre <jstpierre@mecheye.net>
|
|
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Excerpt https://lists.gnu.org/archive/html/automake/2012-12/msg00038.html
- Support for the long-deprecated INCLUDES variable will be removed
altogether in Automake 1.14. The AM_CPPFLAGS variable should be
used instead.
This variable was deprecated in Automake releases prior to 1.10, which is
the current minimum level required to build X.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
|
|
Signed-off-by: Adam Jackson <ajax@redhat.com>
|
|
Signed-off-by: Yaakov Selkowitz <yselkowitz@users.sourceforge.net>
Reviewed-by: Colin Harrison <colin.harrison@virgin.net>
Reviewed-by: Jon TURNEY <jon.turney@dronecode.org.uk>
|
|
If socket is getting interrupted with signal EINTR, we should keep
socket in progress state. I have borrowed following code from socket
write _fs_flush():line274 . I have done exactly same at _fs_fill().
Socket write will not close the connection and re attempt to read buffer.
Signed-off-by: Arvind Umrao <arvind.umrao@oracle.com>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Allows gcc to check format strings instead of just warning about them
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Jeremy Huddleston <jeremyhu@apple.com>
|
|
Mostly due to difference between sizeof & int on 64-bit platforms
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Jeremy Huddleston <jeremyhu@apple.com>
|
|
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Jeremy Huddleston <jeremyhu@apple.com>
|
|
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Jeremy Huddleston <jeremyhu@apple.com>
|
|
The compress decompression code used by libXfont rejects valid archives
with maxbits less than 12 (compress allows values 9 - 16, 16 is the
default). This is because maxbits-12 is used as index to hsize_table[].
That looks like an incorrect port of the original compress code, where:
- hsize depended on BITS, the maximum maxbits value supported by particular
build, rather than on maxbits value from the particular input file
- the same hsize was used for all BITS <= 12
The quick way to verify the problem is:
compress -b 11 fontfile.bdf
bdftopcf -o /dev/null fontfile.bdf.Z
which fails, while 12-16 works correctly.
This fix removes hsize_table and uses 1 << maxbits (aka maxmaxcode) as
tab_prefix size. As decompression code does not use hashing as compression
code, there does not seem to be a reason to allocate any extra space.
Note: In this fix, maxbits == 9 is still rejected early. AFAICS compress
is able to generate such files (unknown how correct such output is), but is
unable to uncompress them correctly.
Reviewed-by: Jeremy Huddleston <jeremyhu@apple.com>
|
|
If pcfReadTOC() or pcfGetProperties() fail in the beginning
of execution of pcfReadFont(), function tries to free an
uninitialized pointer (isStringProp) when bailing out.
The pointer gets now initialized correctly.
Signed-off-by: Olli Vertanen <olli.vertanen@symbio.com>
Reviewed-by: Rami Ylimäki <rami.ylimaki@vincit.fi>
|
|
Assume for a moment that the intention here is to do
something useful.
Signed-off-by: Matthieu Herrb <matthieu.herrb@laas.fr>
|
|
It ensures that all valid input can be decompressed, checks that the
overflow conditions doesn't happen and generally tightens the
validation of the LZW stream and doesn't pessimize the inner loop for
no good reason. It's derived from a change in libarchive from 2004.
Signed-off-by: Matthieu Herrb <matthieu.herrb@laas.fr>
Reviewed-by: Tomas Hoger <thoger@redhat.com>
|
|
Performed with: find * -type f | xargs perl -i -p -e 's{[ \t]+$}{}'
git diff -w & git diff -b show no diffs from this change
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Specially crafted LZW stream can crash an application using libXfont
that is used to open untrusted font files. With X server, this may
allow privilege escalation when exploited
Reviewed-by: Matthieu Herrb <matthieu.herrb@laas.fr>
Signed-off-by: Matthieu Herrb <matthieu.herrb@laas.fr>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Go ahead and fill in the font->info pointers so that bitmapUnloadScalable()
will free the bits that were allocated, even if some were not.
Error: Memory leak (CWE 401)
Memory leak of pointer <unknown> allocated with ComputeScaledProperties(...)
at line 1629 of /export/alanc/X.Org/git/lib/libXfont/src/bitmap/bitscale.c in function 'BitmapOpenScalable'.
pointer allocated at line 1616 with ComputeScaledProperties(...).
<unknown> leaks when props != 0 at line 1623.
[ This bug was found by the Parfait 0.3.7 bug checking tool.
For more information see http://labs.oracle.com/projects/parfait/ ]
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Jeremy Huddleston <jeremyhu@apple.com>
|
|
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Signed-off-by: Jesse Adkins <jesserayadkins@gmail.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Signed-off-by: Jeremy Huddleston <jeremyhu@apple.com>
|
|
libtool requires the '-no-undefined' flag in order to create shared
libraries on PE/COFF platforms (Cygwin/MinGW); on other platforms this
flag has no effect.
The problem with libXfont is that PE weak symbols do not behave exactly
as they do on ELF platforms. Since PE binaries (both executables and
libraries) must have all symbols resolved at link time, there is no way
for the real symbols in xserver to "displace" those in libXfont at
runtime, so the result is that libXfont uses its stubs, which do
nothing, and xserver ends up unable to find its fonts.
Solving this will require either significant changes to libXfont or some
major improvement to the toolchain to handle this case. Until that
happens, removing '-no-undefined' will result in a static-only library
on these platforms, which is the only currently working solution.
http://sourceware.org/bugzilla/show_bug.cgi?id=11306
http://cygwin.com/ml/cygwin/2010-04/msg00281.html
This reverts commit 69c4ae1e3e14a58bc2eb9b9b8820dc7183b82a67.
Conflicts:
ChangeLog
Signed-off-by: Yaakov Selkowitz <yselkowitz@users.sourceforge.net>
|
|
Sun compilers use #pragma weak in the *.c files to declare weak symbols,
so should have weak defined to empty, but not define NO_WEAK_SYMBOLS
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Signed-off-by: Jeremy Huddleston <jeremyhu@apple.com>
|
|
Since we fix this by removing the serverGeneration symbol, assuming
an external definition will be provided, this means on Windows libXfont
can only be built as a static library (since PE shared libraries cannot
contain undefined symbols). This produces a libXfont which might only
be useful to the xserver, but the only other users we might care about
are xfs, which is obsolete, and bdftopcf, which fortunately doesn't
pull in any objects which reference serverGeneration from libXfont.
Signed-off-by: Jon TURNEY <jon.turney@dronecode.org.uk>
Reviewed-by: Colin Harrison <colin.harrison@virgin.net>
|
|
X server doesn't need to understand fpe internals, so let it transparent
turning all registration functions in a single one. For that, fill the already
existent register_fpe_functions().
Some X servers don't want font server support, so this patch also sets font
server support to be configured in build time.
In my machine, I see 20kB of RSS being saved in libXfont mapped in Xorg
process when I disabled font server support and other kind of fonts in the
library (--disable-pcfformat --disable-bdfformat --disable-snfformat
--disable-freetype --disable-fc).
The default library built was taking:
text data bss dec hex filename
261847 4484 1536 267867 4165b ./lib/libXfont.so
and with these flags, it jumps to:
text data bss dec hex filename
157764 2428 1188 161380 27664 ./lib/libXfont.so
Signed-off-by: Tiago Vignatti <tiago.vignatti@nokia.com>
Reviewed-by: Mikhail Gusarov <dottedmag@dottedmag.net>
Reviewed-by: Alex Deucher <alexdeucher@gmail.com>
Reviewed-by: Daniel Stone <daniel@fooishbar.org>
|
|
Signed-off-by: Alan Coopersmith <alan.coopersmith@sun.com>
|
|
Seems to have been a leftover from before the encoding code was split
out into libfontenc by XFree86
Signed-off-by: Alan Coopersmith <alan.coopersmith@sun.com>
|
|
Signed-off-by: Alan Coopersmith <alan.coopersmith@sun.com>
|
|
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
|
|
Besides cluttering Valgrind output, this might also be an information leak.
Signed-off-by: Peter Astrand <astrand@cendio.se>
Signed-off-by: Alan Coopersmith <alan.coopersmith@sun.com>
|
