       handle arbitrary length names in subfontname. handle overflow in offset computation in font.c - plan9port - [fork] Plan 9 from user space
       ---
   DIR commit d4aef6a074bedb42ab9c400b5f998dd79bc57d00
   DIR parent e354760aca2d985073b57cb2657493b399dcf603
  HTML Author: rsc <devnull@localhost>
       Date:   Thu, 12 May 2005 16:55:14 +0000
       
       handle arbitrary length names in subfontname.
       handle overflow in offset computation in font.c
       
       Diffstat:
         M src/libdraw/font.c                  |       8 +++++---
         M src/libdraw/subfontname.c           |      22 +++++++++++++---------
       
       2 files changed, 18 insertions(+), 12 deletions(-)
       ---
   DIR diff --git a/src/libdraw/font.c b/src/libdraw/font.c
       t@@ -177,7 +177,7 @@ int
        loadchar(Font *f, Rune r, Cacheinfo *c, int h, int noflush, char **subfontname)
        {
                int i, oi, wid, top, bottom;
       -        Rune pic;
       +        int pic;        /* need >16 bits for adding offset below */
                Fontchar *fi;
                Cachefont *cf;
                Cachesubf *subf, *of;
       t@@ -270,10 +270,12 @@ loadchar(Font *f, Rune r, Cacheinfo *c, int h, int noflush, char **subfontname)
            Found2:
                subf->age = f->age;
        
       +        /* possible overflow here, but works out okay */
                pic += cf->offset;
       -        if(pic-cf->min >= subf->f->n)
       +        pic -= cf->min;
       +        if(pic >= subf->f->n)
                        goto TryPJW;
       -        fi = &subf->f->info[pic - cf->min];
       +        fi = &subf->f->info[pic];
                if(fi->width == 0)
                        goto TryPJW;
                wid = (fi+1)->x - fi->x;
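Review bot: The bound check `if(pic >= subf->f->n)` rejects only an index that is too large. Since `pic` is now a signed `int`, a result below zero after `pic -= cf->min` would pass it, and `&subf->f->info[pic]` would point before the start of the array; whether that can occur depends on `cf->offset` and `cf->min`, which are set outside this hunk. I would write `if(pic < 0 || pic >= subf->f->n)`, and reword the comment "possible overflow here, but works out okay" so it says which wraparound is meant and which check makes it harmless. loadchar's body starts and ends outside the hunk.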
   DIR diff --git a/src/libdraw/subfontname.c b/src/libdraw/subfontname.c
       t@@ -9,20 +9,22 @@
        char*
        subfontname(char *cfname, char *fname, int maxdepth)
        {
       -        char *t, *u, tmp1[64], tmp2[64];
       +        char *t, *u, *tmp1, *tmp2;
                int i;
        
       +        t = strdup(cfname);  /* t is the return string */
                if(strcmp(cfname, "*default*") == 0)
       -                return strdup(cfname);
       -        t = cfname;
       +                return t;
                if(t[0] != '/'){
       -                snprint(tmp2, sizeof tmp2, "%s", fname);
       +                tmp2 = strdup(fname);
                        u = utfrrune(tmp2, '/');
                        if(u)
                                u[0] = 0;
                        else
                                strcpy(tmp2, ".");
       -                snprint(tmp1, sizeof tmp1, "%s/%s", tmp2, t);
       +                tmp1 = smprint("%s/%s", tmp2, t);
       +                free(tmp2);
       +                free(t);
                        t = tmp1;
                }
        
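Review bot: `strcpy(tmp2, ".")` in the `else` branch writes two bytes into the buffer returned by `strdup(fname)`, which is only one byte long when `fname` is the empty string, so the heap block is overrun by one byte where the old 64-byte array had room. Replacing the branch with `else{ free(tmp2); tmp2 = strdup("."); }` keeps the allocation sized to its content. The results of `strdup` and `smprint` are also used without a nil check (`t[0]`, `utfrrune(tmp2, '/')`), so an allocation failure is dereferenced; freeing what was allocated and returning nil would match the function's existing failure return. The function continues past this hunk.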
       t@@ -33,14 +35,16 @@ subfontname(char *cfname, char *fname, int maxdepth)
                        if((1<<i) > maxdepth)
                                continue;
                        /* try i-bit grey */
       -                snprint(tmp2, sizeof tmp2, "%s.%d", t, i);
       -                if(access(tmp2, AREAD) == 0)
       -                        return strdup(tmp2);
       +                tmp2 = smprint("%s.%d", t, i);
       +                if(access(tmp2, AREAD) == 0) {
       +                        free(t);
       +                        return tmp2;
       +                }
                }
        
                /* try default */
                if(access(t, AREAD) == 0)
       -                return strdup(t);
       +                return t;
        
                return nil;
        }
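Review bot: `tmp2` from `smprint("%s.%d", t, i)` is never freed when `access` fails, so every depth that is not found leaks one string, and `t` is leaked on the final `return nil`. Add `free(tmp2);` after the `if` block inside the loop and `free(t);` before `return nil;`. `smprint` can also return nil, which here is passed straight to `access`. A comment above the function should state that the caller owns and must free the returned string, since every return path now hands back heap memory. The loop header is outside the hunk.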