svn commit: r349107 - head/usr.bin/vtfontcvt
Ed Maste
emaste at FreeBSD.org
Sun Jun 16 13:35:54 UTC 2019
Author: emaste
Date: Sun Jun 16 13:35:53 2019
New Revision: 349107
URL: https://svnweb.freebsd.org/changeset/base/349107
Log:
vtfontcvt: improve .bdf verification
Previously we would crash if the BBX y-offset was outside of the font
bounding box.
Reported by: afl
MFC with: r349100
Event: Berlin Devsummit 2019
Sponsored by: The FreeBSD Foundation
Modified:
head/usr.bin/vtfontcvt/vtfontcvt.c
Modified: head/usr.bin/vtfontcvt/vtfontcvt.c
==============================================================================
--- head/usr.bin/vtfontcvt/vtfontcvt.c Sun Jun 16 12:44:49 2019 (r349106)
+++ head/usr.bin/vtfontcvt/vtfontcvt.c Sun Jun 16 13:35:53 2019 (r349107)
@@ -383,7 +383,8 @@ parse_bdf(FILE *fp, unsigned int map_idx)
sscanf(ln + 4, "%d %d %d %d", &bbw, &bbh, &bbox,
&bboy) == 4) {
if (bbw < 1 || bbh < 1 || bbw > fbbw || bbh > fbbh ||
- bbox < fbbox || bboy < fbboy)
+ bbox < fbbox || bboy < fbboy ||
+ bbh + bboy > fbbh + fbboy)
errx(1, "broken bitmap with BBX %d %d %d %d at line %u",
bbw, bbh, bbox, bboy, linenum);
bbwbytes = howmany(bbw, 8);
More information about the svn-src-head
mailing list