130 lines
4.5 KiB
Diff
130 lines
4.5 KiB
Diff
|
From d70e4ba6308046f71cb51f67db8412155af52411 Mon Sep 17 00:00:00 2001
|
||
|
From: Thomas Loimer <thomas.loimer@tuwien.ac.at>
|
||
|
Date: Sun, 26 Jan 2020 13:16:52 +0100
|
||
|
Subject: [PATCH] Reject ASCII NUL anywhere in the input
|
||
|
|
||
|
The input is read in line by line, stored in a buffer and processed further
|
||
|
with sscanf(). Embedded NUL characters ('\0') would already disturb sscanf(),
|
||
|
and nowhere does the code expect NUL characters. Therefore, detect NUL while
|
||
|
reading the input, and exit with an error message when NUL is found anywere.
|
||
|
Fixes ticket #80.
|
||
|
---
|
||
|
CHANGES | 4 ++++
|
||
|
fig2dev/read.c | 21 +++++++++++++++++++--
|
||
|
fig2dev/tests/data/text_w_ascii0.fig | Bin 0 -> 321 bytes
|
||
|
fig2dev/tests/read.at | 6 ++++++
|
||
|
4 files changed, 29 insertions(+), 2 deletions(-)
|
||
|
create mode 100644 fig2dev/tests/data/text_w_ascii0.fig
|
||
|
|
||
|
|diff --git CHANGES CHANGES
|
||
|
|index 4a414fa..f1bbbc3 100644
|
||
|
|--- CHANGES
|
||
|
|+++ CHANGES
|
||
|
|@@ -6,6 +6,10 @@ Patchlevel Xx (Xxx 20xx)
|
||
|
|
|
||
|
| BUGS FIXED:
|
||
|
| Ticket numbers refer to https://sourceforge.net/p/mcj/tickets/#.
|
||
|
|+ o Fix ticket #81.
|
||
|
|+ o Do not allow ASCII NUL anywhere in input. Fixes ticket #80.
|
||
|
|+ o Use getline() to improve input scanning.
|
||
|
|+ Fixes tickets #58, #59, #61, #62, #67, #78, #79.
|
||
|
| o Correctly scan embedded pdfs for /MediaBox value.
|
||
|
| o Convert polygons having too few points to polylines. Ticket #56.
|
||
|
| o Reject huge arrow types causing integer overflow. Ticket #57.
|
||
|
diff --git fig2dev/read.c fig2dev/read.c
|
||
|
index e85ee10..86cee71 100644
|
||
|
--- fig2dev/read.c
|
||
|
+++ fig2dev/read.c
|
||
|
@@ -178,8 +178,14 @@ read_objects(FILE *fp, F_compound *obj)
|
||
|
put_msg("Could not read input file.");
|
||
|
return -1;
|
||
|
}
|
||
|
- /* seek to the end of the first line */
|
||
|
- if (strchr(buf, '\n') == NULL) {
|
||
|
+
|
||
|
+ /* check for embedded '\0' */
|
||
|
+ if (strlen(buf) < sizeof buf - 1 && buf[strlen(buf) - 1] != '\n') {
|
||
|
+ put_msg("ASCII NUL ('\\0') character within the first line.");
|
||
|
+ exit(EXIT_FAILURE);
|
||
|
+ /* seek to the end of the first line
|
||
|
+ (the only place, where '\0's are tolerated) */
|
||
|
+ } else if (buf[strlen(buf) - 1] != '\n') {
|
||
|
int c;
|
||
|
do
|
||
|
c = fgetc(fp);
|
||
|
@@ -1398,6 +1404,15 @@ read_splineobject(FILE *fp, char **restrict line, size_t *line_len,
|
||
|
return s;
|
||
|
}
|
||
|
|
||
|
+static void
|
||
|
+exit_on_ascii_NUL(const char *restrict line, size_t chars, int line_no)
|
||
|
+{
|
||
|
+ if (strlen(line) < (size_t)chars) {
|
||
|
+ put_msg("ASCII NUL ('\\0') in line %d.", line_no);
|
||
|
+ exit(EXIT_FAILURE);
|
||
|
+ }
|
||
|
+}
|
||
|
+
|
||
|
static char *
|
||
|
find_end(const char *str, int v30flag)
|
||
|
{
|
||
|
@@ -1469,6 +1484,7 @@ read_textobject(FILE *fp, char **restrict line, size_t *line_len, int *line_no)
|
||
|
|
||
|
while ((chars = getline(line, line_len, fp)) != -1) {
|
||
|
++(*line_no);
|
||
|
+ exit_on_ascii_NUL(*line, chars, *line_no);
|
||
|
end = find_end(*line, v30_flag);
|
||
|
if (end) {
|
||
|
*end = '\0';
|
||
|
@@ -1640,6 +1656,7 @@ get_line(FILE *fp, char **restrict line, size_t *line_len, int *line_no)
|
||
|
if (**line == '\n' || (**line == '\r' &&
|
||
|
chars == 2 && (*line)[1] == '\n'))
|
||
|
continue;
|
||
|
+ exit_on_ascii_NUL(*line, chars, *line_no);
|
||
|
/* remove newline and possibly a carriage return */
|
||
|
if ((*line)[chars-1] == '\n') {
|
||
|
chars -= (*line)[chars - 2] == '\r' ? 2 : 1;
|
||
|
|diff --git fig2dev/tests/data/text_w_ascii0.fig fig2dev/tests/data/text_w_ascii0.fig
|
||
|
|new file mode 100644
|
||
|
|index 0000000000000000000000000000000000000000..fb15b306b26a42446b809d0caf77efcfc73c588a
|
||
|
|GIT binary patch
|
||
|
|literal 321
|
||
|
|zcmV-H0lxktMoC8?GcGa;Okr+hb7Ns}WeP)OZggdG3Q2BbXk~K>Ol5R*WpWBJFfcAK
|
||
|
|zFbY#?Zf9&|3N11UF)}bPATkOxATS^>ATl5@ATl)|F*Y+GGch1HATS^xFd!{4ATb~?
|
||
|
|zATkOdFeV^0ATcs9AT=O)Tp%DYATS^>US3{aUP@kGUS3`R!hplS!@pi$US3{aUS3{a
|
||
|
|zUS3{aUS3{aUS3{aG&LYaTrf#7d0a3sF$yCzATS^>AT=-`EioW1F(5HAATTa4ATS^?
|
||
|
|zH83DFFf|}BATS_7ZXjWEV`*t1dS!BNASYa0Fee~rWpZU8Ej|D)E-qniWFT{IZDk;B
|
||
|
|zZ*pZIbY*ySAZBlDY;SjIZf7hYcWHEJAYmY5WpZ?3X>K54ZEtmMbRchLAZ=-GX>E0F
|
||
|
|TAY*7@a$#e1WpZ;|FfcI+7J*tc
|
||
|
|
|
||
|
|literal 0
|
||
|
|KcmV+b0RR6000031
|
||
|
|
|
||
|
|diff --git fig2dev/tests/read.at fig2dev/tests/read.at
|
||
|
|index 331afb5..60982b0 100644
|
||
|
|--- fig2dev/tests/read.at
|
||
|
|+++ fig2dev/tests/read.at
|
||
|
|@@ -407,6 +407,7 @@ EOF
|
||
|
| AT_CLEANUP
|
||
|
|
|
||
|
| AT_SETUP([allow tex font -1, ticket #81])
|
||
|
|+AT_KEYWORDS([pict2e tikz])
|
||
|
| AT_DATA([text.fig], [FIG_FILE_TOP
|
||
|
| 4 0 0 50 -1 -1 12 0.0 0 150 405 0 0 Text\001
|
||
|
| ])
|
||
|
|@@ -416,6 +417,11 @@ AT_CHECK([fig2dev -L tikz text.fig
|
||
|
| ], 0, ignore)
|
||
|
| AT_CLEANUP
|
||
|
|
|
||
|
|+AT_SETUP([reject ASCII NUL ('\0') in input, ticket #80])
|
||
|
|+AT_KEYWORDS([read.c svg])
|
||
|
|+AT_CHECK([fig2dev -L svg $srcdir/data/text_w_ascii0.fig], 1, ignore, ignore)
|
||
|
|+AT_CLEANUP
|
||
|
|+
|
||
|
| AT_BANNER([Dynamically allocate picture file name.])
|
||
|
|
|
||
|
| AT_SETUP([prepend fig file path to picture file name])
|
||
|
--
|
||
|
2.16.4
|
||
|
|