summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)AuthorFilesLines
2013-12-30CVE-2013-6462: unlimited sscanf overflows stack buffer in bdfReadCharacters()Alan Coopersmith1-1/+1
Fixes cppcheck warning: [lib/libXfont/src/bitmap/bdfread.c:341]: (warning) scanf without field width limits can crash with huge input data. Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Matthieu Herrb <matthieu@herrb.eu> Reviewed-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
2013-12-13Don't leak old allocation if realloc fails to enlarge itAlan Coopersmith2-11/+18
In ftfuncs.c, since the buffer being reallocated is a function local buffer, used to accumulate data for a single run of the function and then freed at the end of the function, we just free the old buffer if realloc fails. In atom.c however, the ReverseMap is a static buffer, so we operate in temporary variables until we know we're successful, then update the static variables. If we fail, we leave the old static variables in place, since they contain data about previous atoms we should maintain, not lose. Reported by cppcheck: [lib/libXfont/src/FreeType/ftfuncs.c:2122]: (error) Common realloc mistake: 'ranges' nulled but not freed upon failure [lib/libXfont/src/util/atom.c:126]: (error) Common realloc mistake: 'reverseMap' nulled but not freed upon failure Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
2013-11-22Make serverGeneration unsignedJulien Cristau1-1/+1
Makes the definition match other declarations, and xserver's definition. Debian bug#689439 Reported-by: Michael Tautschnig <mt@debian.org> Signed-off-by: Julien Cristau <jcristau@debian.org> Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
2013-11-01Replace malloc(strlen)+strcpy/strcat calls with strdupAlan Coopersmith3-12/+5
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
2013-11-01xstrdup -> strdupAlan Coopersmith3-31/+2
Missed in xalloc -> malloc etal conversion in 0cdc9b8f850342 Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Jasper St. Pierre <jstpierre@mecheye.net>
2013-06-24Require ANSI C89 pre-processor, drop pre-C89 token pasting supportAlan Coopersmith1-5/+0
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
2013-06-02Protect config.h inclusion with ifdef HAVE_CONFIG_H, like usual.Thomas Klausner1-0/+2
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
2013-01-16Replace deprecated Automake INCLUDES variable with AM_CPPFLAGSAlan Coopersmith7-9/+9
Excerpt https://lists.gnu.org/archive/html/automake/2012-12/msg00038.html - Support for the long-deprecated INCLUDES variable will be removed altogether in Automake 1.14. The AM_CPPFLAGS variable should be used instead. This variable was deprecated in Automake releases prior to 1.10, which is the current minimum level required to build X. Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
2012-12-07catalogue: Fix obvious thinkoAdam Jackson1-1/+1
Signed-off-by: Adam Jackson <ajax@redhat.com>
2012-10-29Omit catalogue support on systems without symlinksYaakov Selkowitz2-0/+6
Signed-off-by: Yaakov Selkowitz <yselkowitz@users.sourceforge.net> Reviewed-by: Colin Harrison <colin.harrison@virgin.net> Reviewed-by: Jon TURNEY <jon.turney@dronecode.org.uk>
2012-08-24If socket is interrupted with signal EINTR, re-attempt read.Arvind Umrao1-2/+5
If socket is getting interrupted with signal EINTR, we should keep socket in progress state. I have borrowed following code from socket write _fs_flush():line274 . I have done exactly same at _fs_fill(). Socket write will not close the connection and re attempt to read buffer. Signed-off-by: Arvind Umrao <arvind.umrao@oracle.com> Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
2011-11-11Use * precision notation instead of computing sprintf format stringsAlan Coopersmith1-11/+5
Allows gcc to check format strings instead of just warning about them Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Jeremy Huddleston <jeremyhu@apple.com>
2011-11-11Fix printf warnings about incorrect argument typesAlan Coopersmith5-27/+41
Mostly due to difference between sizeof & int on 64-bit platforms Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Jeremy Huddleston <jeremyhu@apple.com>
2011-11-11Add _X_ATTRIBUTE_PRINTF to *Error/*Warning functions taking printf formatsAlan Coopersmith1-1/+1
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Jeremy Huddleston <jeremyhu@apple.com>
2011-11-11Add const attributes to fix gcc -Wwrite-strings warningsAlan Coopersmith10-22/+22
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Jeremy Huddleston <jeremyhu@apple.com>
2011-10-10Support compress files with maxbits < 12Tomas Hoger1-12/+2
The compress decompression code used by libXfont rejects valid archives with maxbits less than 12 (compress allows values 9 - 16, 16 is the default). This is because maxbits-12 is used as index to hsize_table[]. That looks like an incorrect port of the original compress code, where: - hsize depended on BITS, the maximum maxbits value supported by particular build, rather than on maxbits value from the particular input file - the same hsize was used for all BITS <= 12 The quick way to verify the problem is: compress -b 11 fontfile.bdf bdftopcf -o /dev/null fontfile.bdf.Z which fails, while 12-16 works correctly. This fix removes hsize_table and uses 1 << maxbits (aka maxmaxcode) as tab_prefix size. As decompression code does not use hashing as compression code, there does not seem to be a reason to allocate any extra space. Note: In this fix, maxbits == 9 is still rejected early. AFAICS compress is able to generate such files (unknown how correct such output is), but is unable to uncompress them correctly. Reviewed-by: Jeremy Huddleston <jeremyhu@apple.com>
2011-09-18libxfont: An uninitialized pointer causes a crash if pcf header is corrupted.Olli Vertanen1-0/+2
If pcfReadTOC() or pcfGetProperties() fail in the beginning of execution of pcfReadFont(), function tries to free an uninitialized pointer (isStringProp) when bailing out. The pointer gets now initialized correctly. Signed-off-by: Olli Vertanen <olli.vertanen@symbio.com> Reviewed-by: Rami Ylimäki <rami.ylimaki@vincit.fi>
2011-09-18Fix empty statement in if conditional.Joerg Sonnenberger1-1/+1
Assume for a moment that the intention here is to do something useful. Signed-off-by: Matthieu Herrb <matthieu.herrb@laas.fr>
2011-09-17Do proper input validation to fix for CVE-2011-2895.Joerg Sonnenberger1-13/+16
It ensures that all valid input can be decompressed, checks that the overflow conditions doesn't happen and generally tightens the validation of the LZW stream and doesn't pessimize the inner loop for no good reason. It's derived from a change in libarchive from 2004. Signed-off-by: Matthieu Herrb <matthieu.herrb@laas.fr> Reviewed-by: Tomas Hoger <thoger@redhat.com>
2011-09-16Strip trailing whitespaceAlan Coopersmith54-656/+656
Performed with: find * -type f | xargs perl -i -p -e 's{[ \t]+$}{}' git diff -w & git diff -b show no diffs from this change Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
2011-08-10LZW decompress: fix for CVE-2011-2895Thomas Hoger1-0/+2
Specially crafted LZW stream can crash an application using libXfont that is used to open untrusted font files. With X server, this may allow privilege escalation when exploited Reviewed-by: Matthieu Herrb <matthieu.herrb@laas.fr> Signed-off-by: Matthieu Herrb <matthieu.herrb@laas.fr> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
2011-05-17Fix memory leak in allocation failure path of BitmapOpenScalable()Alan Coopersmith1-7/+4
Go ahead and fill in the font->info pointers so that bitmapUnloadScalable() will free the bits that were allocated, even if some were not. Error: Memory leak (CWE 401) Memory leak of pointer <unknown> allocated with ComputeScaledProperties(...) at line 1629 of /export/alanc/X.Org/git/lib/libXfont/src/bitmap/bitscale.c in function 'BitmapOpenScalable'. pointer allocated at line 1616 with ComputeScaledProperties(...). <unknown> leaks when props != 0 at line 1623. [ This bug was found by the Parfait 0.3.7 bug checking tool. For more information see http://labs.oracle.com/projects/parfait/ ] Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Jeremy Huddleston <jeremyhu@apple.com>
2010-11-21Sun's copyrights belong to Oracle nowAlan Coopersmith1-1/+1
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
2010-10-06Purge cvs tags.Jesse Adkins54-134/+0
Signed-off-by: Jesse Adkins <jesserayadkins@gmail.com> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
2010-09-27FreeType: Cleanup MUMBLE and fix printing of XLFD in debug spew.Jeremy Huddleston2-20/+10
Signed-off-by: Jeremy Huddleston <jeremyhu@apple.com>
2010-08-09Revert "Bug #6247: Fix build on Cygwin"Yaakov Selkowitz1-1/+1
libtool requires the '-no-undefined' flag in order to create shared libraries on PE/COFF platforms (Cygwin/MinGW); on other platforms this flag has no effect. The problem with libXfont is that PE weak symbols do not behave exactly as they do on ELF platforms. Since PE binaries (both executables and libraries) must have all symbols resolved at link time, there is no way for the real symbols in xserver to "displace" those in libXfont at runtime, so the result is that libXfont uses its stubs, which do nothing, and xserver ends up unable to find its fonts. Solving this will require either significant changes to libXfont or some major improvement to the toolchain to handle this case. Until that happens, removing '-no-undefined' will result in a static-only library on these platforms, which is the only currently working solution. http://sourceware.org/bugzilla/show_bug.cgi?id=11306 http://cygwin.com/ml/cygwin/2010-04/msg00281.html This reverts commit 69c4ae1e3e14a58bc2eb9b9b8820dc7183b82a67. Conflicts: ChangeLog Signed-off-by: Yaakov Selkowitz <yselkowitz@users.sourceforge.net>
2010-08-08Fix builds with Sun compilersAlan Coopersmith1-0/+2
Sun compilers use #pragma weak in the *.c files to declare weak symbols, so should have weak defined to empty, but not define NO_WEAK_SYMBOLS Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
2010-07-10darwin: Fix build regression introduced by previous patchJeremy Huddleston1-1/+10
Signed-off-by: Jeremy Huddleston <jeremyhu@apple.com>
2010-07-08Build fix for platforms which don't have weak linkageJon TURNEY2-0/+3
Since we fix this by removing the serverGeneration symbol, assuming an external definition will be provided, this means on Windows libXfont can only be built as a static library (since PE shared libraries cannot contain undefined symbols). This produces a libXfont which might only be useful to the xserver, but the only other users we might care about are xfs, which is obsolete, and bdftopcf, which fortunately doesn't pull in any objects which reference serverGeneration from libXfont. Signed-off-by: Jon TURNEY <jon.turney@dronecode.org.uk> Reviewed-by: Colin Harrison <colin.harrison@virgin.net>
2010-06-21Use one single function to register fpe functionsTiago Vignatti1-0/+7
X server doesn't need to understand fpe internals, so let it transparent turning all registration functions in a single one. For that, fill the already existent register_fpe_functions(). Some X servers don't want font server support, so this patch also sets font server support to be configured in build time. In my machine, I see 20kB of RSS being saved in libXfont mapped in Xorg process when I disabled font server support and other kind of fonts in the library (--disable-pcfformat --disable-bdfformat --disable-snfformat --disable-freetype --disable-fc). The default library built was taking: text data bss dec hex filename 261847 4484 1536 267867 4165b ./lib/libXfont.so and with these flags, it jumps to: text data bss dec hex filename 157764 2428 1188 161380 27664 ./lib/libXfont.so Signed-off-by: Tiago Vignatti <tiago.vignatti@nokia.com> Reviewed-by: Mikhail Gusarov <dottedmag@dottedmag.net> Reviewed-by: Alex Deucher <alexdeucher@gmail.com> Reviewed-by: Daniel Stone <daniel@fooishbar.org>
2010-01-14Update Sun license notices to current X.Org standard formAlan Coopersmith1-23/+18
Signed-off-by: Alan Coopersmith <alan.coopersmith@sun.com>
2009-10-07Remove unused setting of ENCODINGSDIRAlan Coopersmith1-6/+1
Seems to have been a leftover from before the encoding code was split out into libfontenc by XFree86 Signed-off-by: Alan Coopersmith <alan.coopersmith@sun.com>
2009-10-06Migrate to xorg macros 1.3 & XORG_DEFAULT_OPTIONSAlan Coopersmith1-1/+1
Signed-off-by: Alan Coopersmith <alan.coopersmith@sun.com>
2009-09-15 Fixed int(*)()->double cast warningBob Ham1-1/+2
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
2009-02-06Avoid sending uninitialized padding data over the network.Peter Astrand2-0/+11
Besides cluttering Valgrind output, this might also be an information leak. Signed-off-by: Peter Astrand <astrand@cendio.se> Signed-off-by: Alan Coopersmith <alan.coopersmith@sun.com>
2009-01-29Janitor: make distcheck and .gitignorePaulo Cesar Pereira de Andrade8-48/+0
Distribute ChangeLog but not autogen.sh. Use a single toplevel .gitignore file, instead of one per subdirectory.
2009-01-20Remove some strcasecmp sillinessAdam Jackson2-32/+0
2009-01-20Allow case insensitive filename matching in fontfile.Adam Jackson2-21/+3
Simplify the freetype renderer list to match.
2009-01-20Delete some dead ifdefsAdam Jackson3-52/+0
2009-01-20Move the copy of CopyISOLatin1Lowered near its user, and un-weak it.Adam Jackson2-23/+23
2009-01-20Drop OS/2 supportAdam Jackson10-27/+9
2009-01-20xalloc -> malloc, etc.Adam Jackson33-441/+357
2009-01-20Remove PMF support.Adam Jackson3-512/+6
.pmf files are printer font metrics; they have no glyphs, just boxes for layout. They can't possibly be useful in a post-Xprint world.
2009-01-20Remove printer font support.Adam Jackson6-413/+1
Xprint is just insidious, isn't it.
2009-01-20Remove loadable renderer support.Adam Jackson4-47/+2
2009-01-20Remove useless #defineAdam Jackson1-3/+0
2009-01-20Get rid of a useless arrayAdam Jackson1-39/+3
2009-01-20const cleanupAdam Jackson1-4/+2
2009-01-20Delete Type1Adam Jackson49-15846/+1
Yes, these are still real fonts, but freetype can handle them just fine.
2009-01-20Delete speedoAdam Jackson31-10744/+2
OUT OUT OUT