diff --git a/00cded.patch b/00cded.patch deleted file mode 100644 index adf0034..0000000 --- a/00cded.patch +++ /dev/null @@ -1,79 +0,0 @@ -From 00cdedac7a0b029846dee891769a1e77df83a01b Mon Sep 17 00:00:00 2001 -From: Thomas Loimer -Date: Sat, 25 Jan 2020 15:04:59 +0100 -Subject: [PATCH] Accept -1 as default TeX font, fixes ticket #81 - -The default for PostScript fonts is -1, for TeX fonts 0. Accepting -1 for TeX -fonts lead to out-of-bound read. Now, -1 for TeX fonts is converted to 0. ---- - fig2dev/dev/genpict2e.c | 9 +++++---- - fig2dev/dev/gentikz.c | 9 +++++---- - fig2dev/tests/read.at | 10 ++++++++++ - 3 files changed, 20 insertions(+), 8 deletions(-) - -diff --git fig2dev/dev/genpict2e.c fig2dev/dev/genpict2e.c -index 6ab442e..dd6fd95 100644 ---- fig2dev/dev/genpict2e.c -+++ fig2dev/dev/genpict2e.c -@@ -2223,11 +2223,12 @@ put_font(F_text *t) - } - - if (psfont_text(t)) -- fprintf(tfp, "\\usefont%s", -- texpsfonts[t->font <= MAX_PSFONT ? t->font + 1 : 0]); -+ fprintf(tfp, "\\usefont%s", texpsfonts[t->font <= MAX_PSFONT ? -+ t->font + 1 : 0]); - else -- fprintf(tfp, "\\normalfont%s ", -- texfonts[t->font <= MAX_FONT ? t->font : MAX_FONT - 1]); -+ /* Default psfont is -1, default texfont 0, also accept -1. */ -+ fprintf(tfp, "\\normalfont%s ", texfonts[t->font <= MAX_FONT ? -+ (t->font >= 0 ? t->font : 0) : MAX_FONT - 1]); - } - - void -diff --git fig2dev/dev/gentikz.c fig2dev/dev/gentikz.c -index 797ca1c..b374e10 100644 ---- fig2dev/dev/gentikz.c -+++ fig2dev/dev/gentikz.c -@@ -1772,11 +1772,12 @@ put_font(F_text *t) - } - - if (psfont_text(t)) -- fprintf(tfp, "\\usefont%s", -- texpsfonts[t->font <= MAX_PSFONT ? t->font + 1 : 0]); -+ fprintf(tfp, "\\usefont%s", texpsfonts[t->font <= MAX_PSFONT ? -+ t->font + 1 : 0]); - else -- fprintf(tfp, "\\normalfont%s ", -- texfonts[t->font <= MAX_FONT ? t->font : MAX_FONT - 1]); -+ /* Default psfont is -1, default texfont 0, also accept -1. */ -+ fprintf(tfp, "\\normalfont%s ", texfonts[t->font <= MAX_FONT ? -+ (t->font >= 0 ? t->font : 0) : MAX_FONT - 1]); - } - - /* -diff --git fig2dev/tests/read.at fig2dev/tests/read.at -index 9b34bfb..331afb5 100644 ---- fig2dev/tests/read.at -+++ fig2dev/tests/read.at -@@ -406,6 +406,16 @@ EOF - ]) - AT_CLEANUP - -+AT_SETUP([allow tex font -1, ticket #81]) -+AT_DATA([text.fig], [FIG_FILE_TOP -+4 0 0 50 -1 -1 12 0.0 0 150 405 0 0 Text\001 -+]) -+AT_CHECK([fig2dev -L pict2e text.fig -+], 0, ignore) -+AT_CHECK([fig2dev -L tikz text.fig -+], 0, ignore) -+AT_CLEANUP -+ - AT_BANNER([Dynamically allocate picture file name.]) - - AT_SETUP([prepend fig file path to picture file name]) --- -2.16.4 - diff --git a/100e27.patch b/100e27.patch deleted file mode 100644 index d63620b..0000000 --- a/100e27.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 100e2789f8106f9cc0f7e4319c4ee7bda076c3ac Mon Sep 17 00:00:00 2001 -From: Thomas Loimer -Date: Sun, 16 Feb 2020 13:25:03 +0100 -Subject: [PATCH] Modify commit [3165d8]: Use tangent, not secant - -Use the tangent, not a secant, for short arrows on arcs. ---- - fig2dev/bound.c | 6 ++---- - 1 file changed, 2 insertions(+), 4 deletions(-) - -diff --git fig2dev/bound.c fig2dev/bound.c -index d305ab9..ea97461 100644 ---- fig2dev/bound.c -+++ fig2dev/bound.c -@@ -1102,12 +1102,10 @@ compute_arcarrow_angle(double x1, double y1, double x2, double y2, - /* add this to the length */ - h += lpt; - -- /* radius too small for this method, use normal method */ -- if (h > 2.0*r) { -+ /* secant would be too large or too small */ -+ if (h > 2.0*r || h < 0.01*r) { - arc_tangent_int(x1,y1,x2,y2,direction,x,y); - return; -- } else if (h < thick) { -- h = thick; - } - - beta=atan2(dy,dx); --- -2.16.4 - diff --git a/2f8d1a.patch b/2f8d1a.patch deleted file mode 100644 index 63a4690..0000000 --- a/2f8d1a.patch +++ /dev/null @@ -1,63 +0,0 @@ -From 2f8d1ae9763dcdc99b88a2b14849fe37174bcd69 Mon Sep 17 00:00:00 2001 -From: Thomas Loimer -Date: Wed, 29 Jan 2020 22:53:32 +0100 -Subject: [PATCH] Reject out-of-range pattern, ticket #63 - ---- - fig2dev/object.h | 2 +- - fig2dev/tests/read.at | 19 +++++++++++++++++-- - 2 files changed, 18 insertions(+), 3 deletions(-) - -diff --git fig2dev/object.h fig2dev/object.h -index 8464010..6830b13 100644 ---- fig2dev/object.h -+++ fig2dev/object.h -@@ -61,7 +61,7 @@ typedef struct f_comment { - o->style < SOLID_LINE || o->style > DASH_3_DOTS_LINE || \ - o->thickness < 0 || o->depth < 0 || o->depth > 999 || \ - o->fill_style < UNFILLED || \ -- o->fill_style > NUMSHADES + NUMTINTS + NUMPATTERNS || \ -+ o->fill_style >= NUMSHADES + NUMTINTS + NUMPATTERNS || \ - o->style_val < 0.0 - - typedef struct f_ellipse { -|diff --git fig2dev/tests/read.at fig2dev/tests/read.at -|index 2d066e4..bf117ee 100644 -|--- fig2dev/tests/read.at -|+++ fig2dev/tests/read.at -|@@ -421,15 +421,30 @@ AT_CLEANUP -| -| AT_SETUP([reject ASCII NUL ('\0') in input, ticket #80]) -| AT_KEYWORDS([read.c svg]) -|-AT_CHECK([fig2dev -L svg $srcdir/data/text_w_ascii0.fig], 1, ignore, ignore) -|+AT_CHECK([fig2dev -L svg $srcdir/data/text_w_ascii0.fig], -|+1, ignore, [ASCII NUL ('\0') in line 11. -|+]) -| AT_CLEANUP -| -| AT_SETUP([reject out of range text angle, ticket #76]) -|+AT_KEYWORDS([read.c pstricks]) -| AT_CHECK([fig2dev -L pstricks < -Date: Sun, 16 Feb 2020 18:54:01 +0100 -Subject: [PATCH] Allow last line of file lacking eol char, #83, #84 - -If the last line of a fig file does not end with a newline, the code parsing -the input could read beyond the allocated buffer. This commit fixes the parsing -at two locations in the code, one in string parsing, the second where sequences -of a backslash and octal digits are converted to characters. ---- - fig2dev/read.c | 6 ++++-- - fig2dev/tests/read.at | 11 +++++++++++ - 2 files changed, 15 insertions(+), 2 deletions(-) - ---- fig2dev/read.c -+++ fig2dev/read.c 2020-09-30 10:46:34.214234522 +0000 -@@ -1483,6 +1483,8 @@ read_textobject(FILE *fp, char **restric - - len = strlen(start); - start[len++] = '\n'; /* put back the newline */ -+ start[len] = '\0'; /* and terminate the string, -+ in case nothing else is found */ - - /* allocate plenty of space */ - next = malloc(len + BUFSIZ); -@@ -1491,7 +1493,7 @@ read_textobject(FILE *fp, char **restric - free(t); - return NULL; - } -- memcpy(next, start, len); -+ memcpy(next, start, len + 1); - - while ((chars = getline(line, line_len, fp)) != -1) { - ++(*line_no); -@@ -1525,7 +1527,7 @@ read_textobject(FILE *fp, char **restric - len = end - start; - l = len; - while (c[l] != '\0') { -- if (c[l] == '\\') { -+ if (c[l] == '\\' && c[l+1] != '\0') { - /* convert 3 digit octal value */ - if (isdigit(c[l+1]) && c[l+2] != '\0' && - c[l+3] != '\0') { ---- fig2dev/tests/read.at -+++ fig2dev/tests/read.at 2020-09-30 10:46:34.262233620 +0000 -@@ -416,6 +416,17 @@ AT_CHECK([fig2dev -L tikz text.fig - ], 0, ignore) - AT_CLEANUP - -+AT_SETUP([allow files end without eol, tickets #83, #84]) -+AT_KEYWORDS([read.c]) -+AT_CHECK([AS_ECHO_N(["FIG_FILE_TOP -+4 0 0 50 0 -1 12 0 0 150 405 0 0 No end-of-line here -->"]) | \ -+ fig2dev -L box], 0, ignore) -+AT_CHECK([AS_ECHO_N(["FIG_FILE_TOP -+4 0 0 50 0 -1 12 0 0 150 405 0 0 Start string -+No end-of-line after one backslash --> \\"]) | \ -+ fig2dev -L box], 0, ignore) -+AT_CLEANUP -+ - AT_BANNER([Dynamically allocate picture file name.]) - - AT_SETUP([prepend fig file path to picture file name]) diff --git a/3165d8.patch b/3165d8.patch deleted file mode 100644 index 6085d9b..0000000 --- a/3165d8.patch +++ /dev/null @@ -1,75 +0,0 @@ -From 3165d86c31c6323913239fdc6460be6ababd3826 Mon Sep 17 00:00:00 2001 -From: Thomas Loimer -Date: Tue, 4 Feb 2020 20:58:27 +0100 -Subject: [PATCH] Allow arrows with zero length on arcs, ticket #74 - ---- - fig2dev/bound.c | 9 +++++---- - fig2dev/tests/output.at | 10 +++++++++- - 2 files changed, 14 insertions(+), 5 deletions(-) - -diff --git fig2dev/bound.c fig2dev/bound.c -index ce7f4d1..d305ab9 100644 ---- fig2dev/bound.c -+++ fig2dev/bound.c -@@ -3,7 +3,7 @@ - * Copyright (c) 1985 Supoj Sutanthavibul - * Copyright (c) 1991 Micah Beck - * Parts Copyright (c) 1989-2015 by Brian V. Smith -- * Parts Copyright (c) 2015-2019 Thomas Loimer -+ * Parts Copyright (c) 2015-2020 Thomas Loimer - * - * Any party obtaining a copy of these files is granted, free of charge, a - * full and unrestricted irrevocable, world-wide, paid up, royalty-free, -@@ -1095,9 +1095,8 @@ compute_arcarrow_angle(double x1, double y1, double x2, double y2, - r=sqrt(dx*dx+dy*dy); - h = (double) arrow->ht; - /* lines are made a little thinner in set_linewidth */ -- thick = (arrow->thickness <= THICK_SCALE) ? -- 0.5* arrow->thickness : -- arrow->thickness - THICK_SCALE; -+ thick = arrow->thickness <= THICK_SCALE ? -+ 0.5 * arrow->thickness : arrow->thickness - THICK_SCALE; - /* lpt is the amount the arrowhead extends beyond the end of the line */ - lpt = thick/2.0/(arrow->wid/h/2.0); - /* add this to the length */ -@@ -1107,6 +1106,8 @@ compute_arcarrow_angle(double x1, double y1, double x2, double y2, - if (h > 2.0*r) { - arc_tangent_int(x1,y1,x2,y2,direction,x,y); - return; -+ } else if (h < thick) { -+ h = thick; - } - - beta=atan2(dy,dx); -diff --git fig2dev/tests/output.at fig2dev/tests/output.at -index fd06727..e0d088c 100644 ---- fig2dev/tests/output.at -+++ fig2dev/tests/output.at -@@ -2,7 +2,7 @@ dnl Fig2dev: Translate Fig code to various Devices - dnl Copyright (c) 1991 by Micah Beck - dnl Parts Copyright (c) 1985-1988 by Supoj Sutanthavibul - dnl Parts Copyright (c) 1989-2015 by Brian V. Smith --dnl Parts Copyright (c) 2015-2019 by Thomas Loimer -+dnl Parts Copyright (c) 2015-2020 by Thomas Loimer - dnl - dnl Any party obtaining a copy of these files is granted, free of charge, a - dnl full and unrestricted irrevocable, world-wide, paid up, royalty-free, -@@ -175,6 +175,14 @@ AT_CHECK([fig2dev -L pict2e -P big1.fig big1.tex && \ - ], 0, ignore) - AT_CLEANUP - -+AT_SETUP([accept arc arrows with zero height, ticket #74]) -+AT_KEYWORDS(pict2e) -+AT_CHECK([fig2dev -L pict2e < -Date: Mon, 27 Jan 2020 23:01:11 +0100 -Subject: [PATCH] Accept -1 TeX font in more places, fixes #71, #75 - -Continue the work started in commit [00cded]. Fix the fundamental issue of -tickets #71 and #75, which was hidden by commit [d70e4b]. ---- - fig2dev/dev/texfonts.h | 14 +++++++++----- - fig2dev/tests/read.at | 4 +++- - 2 files changed, 12 insertions(+), 6 deletions(-) - -diff --git fig2dev/dev/texfonts.h fig2dev/dev/texfonts.h -index 89097f2..e5254b6 100644 ---- fig2dev/dev/texfonts.h -+++ fig2dev/dev/texfonts.h -@@ -35,17 +35,21 @@ extern char texfontsizes[]; - #define MAXFONTSIZE 42 - - #ifdef NFSS --#define TEXFAMILY(F) (texfontfamily[((F) <= MAX_FONT) ? (F) : (MAX_FONT-1)]) --#define TEXSERIES(F) (texfontseries[((F) <= MAX_FONT) ? (F) : (MAX_FONT-1)]) --#define TEXSHAPE(F) (texfontshape[((F) <= MAX_FONT) ? (F) : (MAX_FONT-1)]) -+#define TEXFAMILY(F) texfontfamily[(F) <= MAX_FONT ? ((F) >= 0 ? (F) : 0) \ -+ : MAX_FONT-1] -+#define TEXSERIES(F) texfontseries[(F) <= MAX_FONT ? ((F) >= 0 ? (F) : 0) \ -+ : MAX_FONT-1] -+#define TEXSHAPE(F) texfontshape[(F) <= MAX_FONT ? ((F) >= 0 ? (F) : 0) \ -+ : MAX_FONT-1] - #endif --#define TEXFONT(F) (texfontnames[((F) <= MAX_FONT) ? (F) : (MAX_FONT-1)]) -+#define TEXFONT(F) texfontnames[(F) <= MAX_FONT ? ((F) >= 0 ? (F) : 0) \ -+ : MAX_FONT-1] - - /* - #define TEXFONTSIZE(S) (texfontsizes[((S) <= MAXFONTSIZE) ? (int)(round(S))\ - : (MAXFONTSIZE-1)]) - */ --#define TEXFONTSIZE(S) (((S) <= MAXFONTSIZE) ? texfontsizes[(int)(round(S))] : (S)) -+#define TEXFONTSIZE(S) ((S) <= MAXFONTSIZE ? texfontsizes[(int)round(S)] : (S)) - #define TEXFONTMAG(T) TEXFONTSIZE(T->size*(rigid_text(T) ? 1.0 : fontmag)) - - void setfigfont(F_text *text); /* genepic.c */ -|diff --git fig2dev/tests/read.at fig2dev/tests/read.at -|index 60982b0..726e6da 100644 -|--- fig2dev/tests/read.at -|+++ fig2dev/tests/read.at -|@@ -406,7 +406,7 @@ EOF -| ]) -| AT_CLEANUP -| -|-AT_SETUP([allow tex font -1, ticket #81]) -|+AT_SETUP([allow tex font -1, tickets #71, #75, #81]) -| AT_KEYWORDS([pict2e tikz]) -| AT_DATA([text.fig], [FIG_FILE_TOP -| 4 0 0 50 -1 -1 12 0.0 0 150 405 0 0 Text\001 -|@@ -415,6 +415,8 @@ AT_CHECK([fig2dev -L pict2e text.fig -| ], 0, ignore) -| AT_CHECK([fig2dev -L tikz text.fig -| ], 0, ignore) -|+AT_CHECK([fig2dev -L mp text.fig -|+], 0, ignore) -| AT_CLEANUP -| -| AT_SETUP([reject ASCII NUL ('\0') in input, ticket #80]) --- -2.16.4 - diff --git a/4d4e1f.patch b/4d4e1f.patch deleted file mode 100644 index 1ac8d84..0000000 --- a/4d4e1f.patch +++ /dev/null @@ -1,114 +0,0 @@ -From 4d4e1fdac467c386cba8706aa0067d5ab8da02d7 Mon Sep 17 00:00:00 2001 -From: Thomas Loimer -Date: Mon, 3 Feb 2020 23:39:32 +0100 -Subject: [PATCH] Allow DEFAULT color in cgm and ge output, #72, #73 - -Also, fix a memory leak in gencgm.c. ---- - fig2dev/dev/gencgm.c | 8 +++++++- - fig2dev/dev/genge.c | 7 ++++--- - fig2dev/tests/data/line.fig | 2 +- - fig2dev/tests/output.at | 12 ++++++++++++ - 4 files changed, 24 insertions(+), 5 deletions(-) - -diff --git fig2dev/dev/gencgm.c fig2dev/dev/gencgm.c -index 0f472a8..e12940f 100644 ---- fig2dev/dev/gencgm.c -+++ fig2dev/dev/gencgm.c -@@ -151,9 +151,11 @@ gencgm_start(F_compound *objects) - { - int i; - char *p, *figname; -+ char *figname_buf = NULL; - - if (from) { -- figname = strdup(from); -+ figname_buf = strdup(from); -+ figname = figname_buf; - p = strrchr(figname, '/'); - if (p) - figname = p+1; /* remove path from name for comment in file */ -@@ -255,6 +257,8 @@ gencgm_start(F_compound *objects) - print_comments("% ",objects->comments, " %"); - fprintf(tfp,"%% %%\n"); - } -+ if (figname_buf) -+ free(figname_buf); - } - - int -@@ -552,6 +556,8 @@ hatchindex(index) - static void - getrgb(int color, int *r, int *g, int *b) - { -+ if (color < 0) /* DEFAULT color is black */ -+ color = 0; - if (color < NUM_STD_COLS) { - *r = stdcols[color].r * 255.; - *g = stdcols[color].g * 255.; -diff --git fig2dev/dev/genge.c fig2dev/dev/genge.c -index b171f39..5697bb6 100644 ---- fig2dev/dev/genge.c -+++ fig2dev/dev/genge.c -@@ -56,7 +56,8 @@ static void genge_ctl_spline(F_spline *s); - /* color mapping */ - /* xfig ge */ - --static int GE_COLORS[] = { 1, /* black black */ -+static int GE_COLORS[] = { 1, /* DEFAULT == black */ -+ 1, /* black black */ - 8, /* blue blue */ - 7, /* green green */ - 6, /* cyan cyan */ -@@ -438,7 +439,7 @@ back_arrow(F_line *l) - static void - set_color(int col) - { -- fprintf(tfp,"c%02d ",GE_COLORS[col]); -+ fprintf(tfp,"c%02d ",GE_COLORS[col + 1]); - } - - /* set fill if there is a fill style */ -@@ -447,7 +448,7 @@ static void - set_fill(int style, int color) - { - if (style != UNFILLED) -- fprintf(tfp,"C%02d ",GE_COLORS[color]); -+ fprintf(tfp,"C%02d ",GE_COLORS[color + 1]); - } - - /* -diff --git fig2dev/tests/data/line.fig fig2dev/tests/data/line.fig -index e033b12..bfc4976 100644 ---- fig2dev/tests/data/line.fig -+++ fig2dev/tests/data/line.fig -@@ -7,5 +7,5 @@ A9 - Single - -2 - 1200 2 --2 1 0 3 0 7 50 -1 -1 0.0 0 0 -1 0 0 3 -+2 1 0 3 -1 7 50 -1 -1 0.0 0 0 -1 0 0 3 - 50 50 500 50 500 200 -diff --git fig2dev/tests/output.at fig2dev/tests/output.at -index 9a1bc45..fd06727 100644 ---- fig2dev/tests/output.at -+++ fig2dev/tests/output.at -@@ -261,3 +261,15 @@ AT_CHECK([fig2dev -L tikz -P big1.fig big1.tex && \ - latex -halt-on-error big1.tex && latex -halt-on-error big2.tex - ], 0, ignore) - AT_CLEANUP -+ -+ -+AT_BANNER([Test other output languages.]) -+ -+AT_SETUP([allow default color in ge, cgm output, #72, #73]) -+AT_KEYWORDS(cgm ge) -+AT_CHECK([fig2dev -L cgm $srcdir/data/line.fig -+], 0, ignore) -+AT_CHECK([fig2dev -L ge $srcdir/data/line.fig -+], 0, ignore) -+AT_CLEANUP -+ --- -2.16.4 - diff --git a/639c36.patch b/639c36.patch deleted file mode 100644 index beda148..0000000 --- a/639c36.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 639c36010a120e97a6e82e7cd57cbf9dbf4b64f1 Mon Sep 17 00:00:00 2001 -From: Thomas Loimer -Date: Tue, 4 Feb 2020 21:52:25 +0100 -Subject: [PATCH] Fix pstricks fill with non-solid default color, #77 - -In the pstricks output, filling an area with the shaded or tinted default color -is now equivalent to filling with shaded or tinted black color. ---- - fig2dev/dev/genpstricks.c | 3 ++- - fig2dev/tests/output.at | 1 - - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git fig2dev/dev/genpstricks.c fig2dev/dev/genpstricks.c -index 07c4d09..5acc1f6 100644 ---- fig2dev/dev/genpstricks.c -+++ fig2dev/dev/genpstricks.c -@@ -1856,7 +1856,8 @@ format_options(char *options, char *prefix, char *postfix, char *sqrb_init, - else if (fill_style <= 40) - /* shade or tint fill */ - sprintf(tmps, "fillstyle=solid,fillcolor=%s", -- shade_or_tint_name_after_declare_color(tmpc, fill_style, fill_color)); -+ shade_or_tint_name_after_declare_color(tmpc, fill_style, -+ fill_color == DEFAULT ? CT_BLACK : fill_color)); - else { - char *type = 0, *ps; - int angle = 0; -diff --git fig2dev/tests/output.at fig2dev/tests/output.at -index e0d088c..e1e5ca4 100644 ---- fig2dev/tests/output.at -+++ fig2dev/tests/output.at -@@ -280,4 +280,3 @@ AT_CHECK([fig2dev -L cgm $srcdir/data/line.fig - AT_CHECK([fig2dev -L ge $srcdir/data/line.fig - ], 0, ignore) - AT_CLEANUP -- --- -2.16.4 - diff --git a/CVE-2019-19555.patch b/CVE-2019-19555.patch deleted file mode 100644 index 42e70a3..0000000 --- a/CVE-2019-19555.patch +++ /dev/null @@ -1,50 +0,0 @@ -Based on 19db5fe6f77ebad91af4b4ef0defd61bd0bb358f Mon Sep 17 00:00:00 2001 -From: Thomas Loimer -Date: Wed, 4 Dec 2019 17:56:04 +0100 -Subject: [PATCH] Allow fig 2 text ending with multiple ^A, ticket #55 - ---- - fig2dev/read.c | 4 ++-- - fig2dev/tests/read.at | 11 +++++++++++ - 2 files changed, 13 insertions(+), 2 deletions(-) - ---- fig2dev/read.c -+++ fig2dev/read.c 2019-12-05 08:48:27.630190316 +0000 -@@ -3,7 +3,7 @@ - * Copyright (c) 1991 by Micah Beck - * Parts Copyright (c) 1985-1988 by Supoj Sutanthavibul - * Parts Copyright (c) 1989-2015 by Brian V. Smith -- * Parts Copyright (c) 2015-2018 by Thomas Loimer -+ * Parts Copyright (c) 2015-2019 by Thomas Loimer - * - * Any party obtaining a copy of these files is granted, free of charge, a - * full and unrestricted irrevocable, world-wide, paid up, royalty-free, -@@ -1328,7 +1328,7 @@ read_textobject(FILE *fp) - If we do not find the CONTROL-A on this line then this must - be a multi-line text object and we will have to read more. */ - -- n = sscanf(buf,"%*d%d%d%lf%d%d%d%lf%d%lf%lf%d%d%[^\1]%[\1]", -+ n = sscanf(buf,"%*d%d%d%lf%d%d%d%lf%d%lf%lf%d%d%[^\1]%1[\1]", - &t->type, &t->font, &t->size, &t->pen, - &t->color, &t->depth, &t->angle, - &t->flags, &t->height, &t->length, ---- fig2dev/tests/read.at -+++ fig2dev/tests/read.at 2019-12-05 08:48:27.634190239 +0000 -@@ -359,6 +359,17 @@ EOF - ], 0, ignore) - AT_CLEANUP - -+AT_SETUP([allow text ending with multiple ^A, ticket #55]) -+AT_KEYWORDS([read.c]) -+AT_CHECK([fig2dev -L box < -Date: Tue, 10 Dec 2019 13:17:36 +0100 -Subject: [PATCH] Reject huge arrow types, ticket #57 - -An arrow type being large enough would pass the test for -a valid type by integer overflow. ---- - fig2dev/arrow.c | 13 ++++++++----- - fig2dev/tests/read.at | 12 ++++++++++++ - 2 files changed, 20 insertions(+), 5 deletions(-) - ---- fig2dev/arrow.c -+++ fig2dev/arrow.c 2020-01-21 11:02:33.457498151 +0000 -@@ -1,9 +1,10 @@ - /* - * Fig2dev: Translate Fig code to various Devices -- * Copyright (c) 1985 by Supoj Sutantavibul - * Copyright (c) 1991 by Micah Beck -- * Parts Copyright (c) 1989-2002 by Brian V. Smith -- * Parts Copyright (c) 2015-2018 by Thomas Loimer -+ * Parts Copyright (c) 1985-1988 by Supoj Sutanthavibul -+ * Parts Copyright (c) 1989-2015 by Brian V. Smith -+ * Parts Copyright (c) 2015-2019 by Thomas Loimer -+ * - * - * Any party obtaining a copy of these files is granted, free of charge, a - * full and unrestricted irrevocable, world-wide, paid up, royalty-free, -@@ -78,7 +79,9 @@ make_arrow(int type, int style, double t - { - F_arrow *a; - -- if (style < 0 || style > 1 || type < 0 || (type + 1) * 2 > NUMARROWS) -+ if (style < 0 || style > 1 || type < 0 || -+ /* beware of int overflow */ -+ type > NUMARROWS || (type + 1) * 2 > NUMARROWS) - return NULL; - if (NULL == (Arrow_malloc(a))) { - put_msg(Err_mem); -@@ -90,7 +93,7 @@ make_arrow(int type, int style, double t - - a->type = type; - a->style = style; -- a->thickness = thickness*THICK_SCALE; -+ a->thickness = thickness * THICK_SCALE; - a->wid = wid; - a->ht = ht; - return a; ---- fig2dev/tests/read.at -+++ fig2dev/tests/read.at 2020-01-21 11:02:33.457498151 +0000 -@@ -135,6 +135,18 @@ A single point with a backward arrow - r - ]) - AT_CLEANUP - -+AT_SETUP([reject huge arrow-type, ticket #57]) -+AT_KEYWORDS(arrow.c arrow) -+AT_CHECK([fig2dev -L box < -Date: Sun, 5 Jan 2020 19:22:12 +0100 -Subject: [PATCH] Replace most calls to fgets() by getline() in read.c - -Also, fig files version 1.4 must begin with `#FIG 1.4`. Previously, a `#` in the -first line was sufficient to detect at least a version 1.4 fig file. -Move some variables with file scope into functions. - -This commit fixes tickets #58, #59, #61, #62, #67, #78 and #79. - -In fig2dev/lib/, replacements are provided for some library functions used in -fig2dev, e.g., strncasecmp(), strrchr(), etc. The getline() function was -introduced more recently than any of the functions provided in fig2dev/lib. -Nevertheless, for getline() a replacement function is not provided. It seems, -that all the replacement functions do not work, but nobody noticed. Therefore, -only provide a replacement function for getline() if that turns out to -be useful. -The replacement functions do not work, because a header file providing the -necessary function declarations is missing. ---- - config.h.in | 3 - configure | 11 - configure.ac | 1 - fig2dev/fig2dev.c | 4 - fig2dev/fig2dev.h | 4 - fig2dev/read.c | 908 +++++++++++++++++++++++++++----------------------- - fig2dev/read1_3.c | 12 - fig2dev/tests/read.at | 29 + - 8 files changed, 548 insertions(+), 424 deletions(-) - -|--- configure.ac -|+++ configure.ac 2020-01-21 11:31:32.048794834 +0000 -|@@ -327,6 +327,7 @@ dnl Just provide our own pi -| # example. -| AC_HEADER_STDBOOL -| AC_TYPE_SIZE_T -|+AC_TYPE_SSIZE_T -| -| # -| # Checks for library functions. ---- config.h.in -+++ config.h.in 2020-01-21 14:01:55.145152807 +0100 -@@ -184,3 +184,6 @@ - - /* Define to `unsigned int' if does not define. */ - #undef size_t -+ -+/* Define to `int' if does not define. */ -+#undef ssize_t ---- configure -+++ configure 2020-01-21 14:01:54.953150514 +0100 -@@ -6341,6 +6341,17 @@ _ACEOF - - fi - -+ac_fn_c_check_type "$LINENO" "ssize_t" "ac_cv_type_ssize_t" "$ac_includes_default" -+if test "x$ac_cv_type_ssize_t" = xyes; then : -+ -+else -+ -+cat >>confdefs.h <<_ACEOF -+#define ssize_t int -+_ACEOF -+ -+fi -+ - - # - # Checks for library functions. ---- fig2dev/fig2dev.c -+++ fig2dev/fig2dev.c 2020-01-21 11:31:32.048794834 +0000 -@@ -3,7 +3,7 @@ - * Copyright (c) 1991 by Micah Beck - * Parts Copyright (c) 1985-1988 by Supoj Sutanthavibul - * Parts Copyright (c) 1989-2015 by Brian V. Smith -- * Parts Copyright (c) 2015-2019 by Thomas Loimer -+ * Parts Copyright (c) 2015-2020 by Thomas Loimer - * - * Any party obtaining a copy of these files is granted, free of charge, a - * full and unrestricted irrevocable, world-wide, paid up, royalty-free, -@@ -81,7 +81,7 @@ bool bgspec = false; /* flag to say -g - bool support_i18n = false; - #endif - char gif_transparent[20]="\0"; /* GIF transp color hex name (e.g. #ff00dd) */ --char papersize[20]; /* paper size */ -+char papersize[]; /* paper size */ - char boundingbox[64]; /* boundingbox */ - char lang[40]; /* selected output language */ - RGB background; /* background (if specified by -g) */ ---- fig2dev/fig2dev.h -+++ fig2dev/fig2dev.h 2020-01-21 11:31:32.048794834 +0000 -@@ -3,7 +3,7 @@ - * Copyright (c) 1991 by Micah Beck - * Parts Copyright (c) 1985-1988 by Supoj Sutanthavibul - * Parts Copyright (c) 1989-2015 by Brian V. Smith -- * Parts Copyright (c) 2015-2019 by Thomas Loimer -+ * Parts Copyright (c) 2015-2020 by Thomas Loimer - * - * Any party obtaining a copy of these files is granted, free of charge, a - * full and unrestricted irrevocable, world-wide, paid up, royalty-free, -@@ -101,7 +101,7 @@ extern bool bgspec; /* flag to say -g w - extern bool support_i18n; - #endif - extern char gif_transparent[];/* GIF transp color hex name (e.g. #ff00dd) */ --extern char papersize[]; /* paper size */ -+extern char papersize[16]; /* paper size */ - extern char boundingbox[]; /* boundingbox */ - extern char lang[]; /* selected output language */ - extern const char *Fig_color_names[]; /* hex names for Fig colors */ ---- fig2dev/read.c -+++ fig2dev/read.c 2020-01-21 11:31:32.048794834 +0000 -@@ -3,7 +3,7 @@ - * Copyright (c) 1991 by Micah Beck - * Parts Copyright (c) 1985-1988 by Supoj Sutanthavibul - * Parts Copyright (c) 1989-2015 by Brian V. Smith -- * Parts Copyright (c) 2015-2019 by Thomas Loimer -+ * Parts Copyright (c) 2015-2020 by Thomas Loimer - * - * Any party obtaining a copy of these files is granted, free of charge, a - * full and unrestricted irrevocable, world-wide, paid up, royalty-free, -@@ -45,28 +45,34 @@ extern F_arrow *make_arrow(int type, int - User_color user_colors[MAX_USR_COLS]; /* fig2dev.h */ - int user_col_indx[MAX_USR_COLS]; /* fig2dev.h */ - int num_usr_cols; /* fig2dev.h */ --int num_object; /* read1_3.c */ - /* flags, psfonts.h, genps.c */ - int v2_flag; /* Protocol V2.0 or higher */ - int v21_flag; /* Protocol V2.1 or higher */ - int v30_flag; /* Protocol V3.0 or higher */ - int v32_flag; /* Protocol V3.2 or higher */ - --static void read_colordef(void); --static F_ellipse *read_ellipseobject(void); --static F_line *read_lineobject(FILE *fp); --static F_text *read_textobject(FILE *fp); --static F_spline *read_splineobject(FILE *fp); --static F_arc *read_arcobject(FILE *fp); --static F_compound *read_compoundobject(FILE *fp); -+static void read_colordef(char *line, int line_no); -+static F_ellipse *read_ellipseobject(char *line, int line_no); -+static F_line *read_lineobject(FILE *fp, char **restrict line, -+ size_t *line_len, int *line_no); -+static F_text *read_textobject(FILE *fp, char **restrict line, -+ size_t *line_len, int *line_no); -+static F_spline *read_splineobject(FILE *fp, char **restrict line, -+ size_t *line_len, int *line_no); -+static F_arc *read_arcobject(FILE *fp, char **restrict line, -+ size_t *line_len, int *line_no); -+static F_compound *read_compoundobject(FILE *fp, char **restrict line, -+ size_t *line_len, int *line_no); - static F_comment *attach_comments(void); --static void count_lines_correctly(FILE *fp); --static void init_pats_used(void); --static int read_objects(FILE *fp, F_compound *obj); --static int get_line(FILE *fp); --static void skip_line(FILE *fp); --static int backslash_count(char cp[], int start); --static int save_comment(void); -+static void count_lines_correctly(FILE *fp, int *line_no); -+static void init_pats_used(void); -+static int read_objects(FILE *fp, F_compound *obj); -+static ssize_t get_line(FILE *fp, char **restrict line, -+ size_t *line_len, int *line_no); -+static void skip_line(FILE *fp); -+static ptrdiff_t backslash_count(const char *restrict cp, -+ ptrdiff_t start); -+ - static char Err_incomp[] = "Incomplete %s object at line %d."; - static char Err_invalid[] = "Invalid %s object at line %d."; - static char Err_arrow[] = "Invalid %s arrow at line %d."; -@@ -77,9 +83,6 @@ static char Err_arrow[] = "Invalid %s ar - /* max number of comments that can be stored with each object */ - #define MAXCOMMENTS 100 - --static int gif_colnum = 0; --static char buf[BUFSIZ]; --static int line_no = 0; - static char *comments[MAXCOMMENTS]; /* comments saved for current object */ - static int numcom; /* current comment index */ - static bool com_alloc = false; /* whether or not the comment array -@@ -148,7 +151,6 @@ readfp_fig(FILE *fp, F_compound *obj) - char c; - int i, status; - -- num_object = 0; - num_usr_cols = 0; - init_pats_used(); - -@@ -157,15 +159,14 @@ readfp_fig(FILE *fp, F_compound *obj) - /* initialize the comment array */ - if (!com_alloc) - for (i = 0; i < MAXCOMMENTS; ++i) -- comments[i] = (char *) NULL; -+ comments[i] = (char *)NULL; - com_alloc = true; -- memset((char*)obj, '\0', COMOBJ_SIZE); -+ memset((void *)obj, '\0', COMOBJ_SIZE); - - /* read first character to see if it is "#" (#FIG 1.4 and newer) */ - c = fgetc(fp); - if (feof(fp)) - return -2; -- memset((char*)obj, '\0', COMOBJ_SIZE); - /* put the character back */ - ungetc(c, fp); - if (c == '#') -@@ -185,25 +186,30 @@ read_objects(FILE *fp, F_compound *obj) - F_spline *s, *ls = NULL; - F_arc *a, *la = NULL; - F_compound *c, *lc = NULL; -- int object, coord_sys, len; -- -- memset((char*)obj, '\0', COMOBJ_SIZE); -- -- (void) fgets(buf, BUFSIZ, fp); /* get the version line */ -- if (strncmp(buf, "#FIG ", 5)) { -- put_msg("Incorrect format string in first line of input file."); -+ bool objects = false; -+ int object, coord_sys; -+ int line_no; -+ int gif_colnum = 0; -+ char *line; -+ char buf[16]; -+ size_t line_len = 256; -+ -+ /* Get the 15 chars of the first line. -+ Use fgets(), because get_line() would store the line as a comment */ -+ if (fgets(buf, sizeof buf, fp) == NULL) { -+ put_msg("Could not read input file."); - return -1; - } -+ /* seek to the end of the first line */ -+ if (strchr(buf, '\n') == NULL) { -+ int c; -+ do -+ c = fgetc(fp); -+ while (c != '\n' && c != EOF); -+ } - -- /* remove newline and any carriage return (from a PC, perhaps) */ -- len = strlen(buf); -- if (buf[len-1] == '\n') { -- if (buf[len-2] == '\r') -- buf[len-2] = '\0'; -- else -- buf[len-1] = '\0'; -- } else { /* fgets() only stops at newline and end-of-file */ -- put_msg("File is truncated at first line."); -+ if (strncmp(buf, "#FIG ", 5)) { -+ put_msg("Incorrect format string in first line of input file."); - return -1; - } - -@@ -211,49 +217,65 @@ read_objects(FILE *fp, F_compound *obj) - v2_flag = (!strncmp(buf, "#FIG 2", 6) || !strncmp(buf, "#FIG 3", 6)); - /* v21_flag is for version 2.1 or higher */ - v21_flag = (!strncmp(buf, "#FIG 2.1", 8) || !strncmp(buf, "#FIG 3", 6)); -- /* version 2.2 was only beta - 3.0 is the official release (they are identical) */ -+ /* version 2.2 was only beta - 3.0 is the official release -+ (they are identical) */ - v30_flag = (!strncmp(buf, "#FIG 3", 6) || !strncmp(buf, "#FIG 2.2", 8)); -- /* version 3.2 contains paper size, magnif, multiple page and transparent color -- in Fig file */ -+ /* version 3.2 contains paper size, magnif, multiple page -+ and transparent color in Fig file */ - v32_flag = (!strncmp(buf, "#FIG 3.2", 8)); - if (strncmp(&buf[5], PACKAGE_VERSION, 3) > 0) { -- put_msg("Fig file format (%s) newer than this version of fig2dev (%s), exiting", -- &buf[5], PACKAGE_VERSION); -- exit(1); -+ put_msg("Fig file format (%s) newer than this version of fig2dev (%s), exiting", -+ &buf[5], PACKAGE_VERSION); -+ exit(EXIT_FAILURE); -+ } -+ -+ if ((v2_flag | v21_flag | v30_flag | v32_flag) == 0 && -+ strncmp(buf, "#FIG 1.4", 8)) { -+ put_msg("Cannot determine fig file format from string '%s'.", -+ &buf[5]); -+ exit(EXIT_FAILURE); -+ } -+ -+ if ((line = malloc(line_len)) == NULL) { -+ put_msg(Err_mem); -+ return -1; - } - -+ line_no = 1; - if (v30_flag) { - /* read the orientation spec (landscape/portrait) */ -- line_no=1; -- if (get_line(fp) < 0) { -+ if (get_line(fp, &line, &line_len, &line_no) < 0) { - put_msg("File is truncated at landscape/portrait specification."); -+ free(line); - return -1; - } - /* but set only if the user didn't specify the orientation - on the command line */ - if (!orientspec) -- landscape = !strncasecmp(buf,"land",4); -+ landscape = !strncasecmp(line, "land", 4); - - /* now read the metric/inches spec OR centering spec */ -- if (get_line(fp) < 0) { -+ if (get_line(fp, &line, &line_len, &line_no) < 0) { - put_msg("File is truncated at metric/inches or centering specification."); -+ free(line); - return -1; - } - /* read justification spec */ -- if ((strncasecmp(buf,"center",6) == 0) || -- (strncasecmp(buf,"flush",5) == 0)) { -+ if ((strncasecmp(line, "center", 6) == 0) || -+ (strncasecmp(line, "flush", 5) == 0)) { - /* but set only if user didn't specify it */ - if (!centerspec) -- center = strncasecmp(buf,"flush",5); -+ center = strncasecmp(line, "flush", 5); - /* now read metric/inches spec */ -- if (get_line(fp) < 0) { -+ if (get_line(fp, &line, &line_len, &line_no) < 0) { - put_msg("File is truncated at metric/inches specification."); -+ free(line); - return -1; - } - } - /* read metric/inches spec */ - /* if metric, scale magnification to correct for xfig display error */ -- if (strncasecmp(buf,"metric", 6) == 0) { -+ if (strncasecmp(line, "metric", 6) == 0) { - metric = 1; - } else { - metric = 0; -@@ -261,56 +283,67 @@ read_objects(FILE *fp, F_compound *obj) - - /* new stuff in 3.2 */ - if (v32_flag) { -- char *p; - /* read the paper size */ -- if (get_line(fp) < 0) { -+ if (get_line(fp, &line, &line_len, &line_no) < 0) { - put_msg("File is truncated at paper size specification."); -+ free(line); - return -1; - } - if (!paperspec) { -- strcpy(papersize,buf); -- /* and truncate at first blank, if any */ -- if ((p=strchr(papersize,' '))) -+ char *p; -+ /* truncate at first blank, if any */ -+ if ((p = strchr(line, ' '))) - *p = '\0'; -+ if (strlen(line) + 1 > sizeof papersize) { -+ put_msg("Invalid paper size specification at line %d: %s", -+ line_no, line); -+ free(line); -+ return -1; -+ } -+ strcpy(papersize, line); - } - - /* read the magnification */ -- if (get_line(fp) < 0) { -+ if (get_line(fp, &line, &line_len, &line_no) < 0) { - put_msg("File is truncated at magnification specification."); -+ free(line); - return -1; - } -- /* if the users hasn't specified a magnification on the command line, -- use the one in the file */ -+ /* if the users hasn't specified a magnification on -+ the command line, use the one in the file */ - if (!magspec) { -- mag = atof(buf)/100.0; -+ mag = atof(line)/100.0; - if (mag <= 0.) - mag = 1.; - fontmag = mag; - } - - /* read the multiple page flag */ -- if (get_line(fp) < 0) { -+ if (get_line(fp, &line, &line_len, &line_no) < 0) { - put_msg("File is truncated at multiple page specification."); -+ free(line); - return -1; - } - if (!multispec) -- multi_page = (strncasecmp(buf,"multiple",8) == 0); -+ multi_page = (strncasecmp(line, "multiple", 8) == 0); - - /* Read the GIF transparent color. */ -- if (get_line(fp) < 0) { -+ if (get_line(fp, &line, &line_len, &line_no) < 0) { - put_msg("File is truncated at transparent color specification."); -+ free(line); - return -1; - } - if (!transspec) { -- gif_colnum = atoi(buf); -+ gif_colnum = atoi(line); - if (gif_colnum < -3) { - put_msg("Invalid color number for transparent color."); -+ free(line); - return -1; - } - /* if standard color, get the name from the array */ - /* for user colors, wait till we've read in the file to get the value */ - if (gif_colnum < NUM_STD_COLS && gif_colnum >= 0) -- strcpy(gif_transparent,Fig_color_names[gif_colnum]); -+ strcpy(gif_transparent, Fig_color_names[gif_colnum]); - } - } - } else { -@@ -329,17 +362,20 @@ read_objects(FILE *fp, F_compound *obj) - } - - /* now read for resolution and coord_sys (coord_sys is not used) */ -- if (get_line(fp) < 0) { -+ if (get_line(fp, &line, &line_len, &line_no) < 0) { - put_msg("File is truncated at resolution specification."); -+ free(line); - return -1; - } -- if (sscanf(buf,"%lf%d\n", &ppi, &coord_sys) != 2) { -+ if (sscanf(line, "%lf%d", &ppi, &coord_sys) != 2) { - put_msg("Incomplete resolution information at line %d.", line_no); -+ free(line); - return -1; - } - if (ppi <= 0.) { - put_msg("Invalid resolution information (%g) at line %d.", - ppi, line_no); -+ free(line); - return -1; - } - -@@ -349,24 +385,28 @@ read_objects(FILE *fp, F_compound *obj) - /* attach any comments found thus far to the whole figure */ - obj->comments = attach_comments(); - -- while (get_line(fp) > 0) { -- if (sscanf(buf, "%d", &object) != 1) { -+ while (get_line(fp, &line, &line_len, &line_no) > 0) { -+ if (sscanf(line, "%d", &object) != 1) { - put_msg("Incorrect format at line %d.", line_no); -+ free(line); - return -1; - } - switch (object) { - case OBJ_COLOR_DEF: -- read_colordef(); -- if (num_object) { -+ if (objects) { - put_msg("Color definitions must come before other objects (line %d).", - line_no); -- return (-1); -+ free(line); -+ return -1; - } -- ++num_usr_cols; -+ read_colordef(line, line_no); - break; - case OBJ_POLYLINE : -- if ((l = read_lineobject(fp)) == NULL) -+ if ((l = read_lineobject(fp, &line, &line_len, &line_no)) == -+ NULL) { -+ free(line); - return -1; -+ } - #ifdef V4_0 - if ((l->pic != NULL) && (l->pic->figure != NULL)) { - if (lc) -@@ -388,79 +428,97 @@ read_objects(FILE *fp, F_compound *obj) - ll = (ll->next = l); - else - ll = obj->lines = l; -- num_object++; -+ objects = true; - break; - #endif /* V4_0 */ - case OBJ_SPLINE : -- if ((s = read_splineobject(fp)) == NULL) { -+ if ((s = read_splineobject(fp, &line, &line_len, &line_no)) -+ == NULL) { -+ free(line); - return -1; -- } -+ } - if (v32_flag){ /* s is a line */ - if (ll) - ll = (ll->next = (F_line *) s); - else - ll = obj->lines = (F_line *) s; -- num_object++; -+ objects = true; - break; - } - if (ls) - ls = (ls->next = s); - else - ls = obj->splines = s; -- num_object++; -+ objects = true; - break; - case OBJ_ELLIPSE : -- if ((e = read_ellipseobject()) == NULL) -+ if ((e = read_ellipseobject(line, line_no)) == NULL) { -+ free(line); - return -1; -+ } - if (le) - le = (le->next = e); - else - le = obj->ellipses = e; -- num_object++; -+ objects = true; - break; - case OBJ_ARC : -- if ((a = read_arcobject(fp)) == NULL) -+ if ((a = read_arcobject(fp, &line, &line_len, &line_no)) == -+ NULL) { -+ free(line); - return -1; -+ } - if (la) - la = (la->next = a); - else - la = obj->arcs = a; -- num_object++; -+ objects = true; - break; - case OBJ_TEXT : -- if ((t = read_textobject(fp)) == NULL) -+ if ((t = read_textobject(fp, &line, &line_len, &line_no)) == -+ NULL) { -+ free(line); - return -1; -+ } - if (lt) - lt = (lt->next = t); - else - lt = obj->texts = t; -- num_object++; -+ objects = true; - break; - case OBJ_COMPOUND : -- if ((c = read_compoundobject(fp)) == NULL) -+ if ((c = read_compoundobject(fp, &line, &line_len,&line_no)) -+ == NULL) { -+ free(line); - return -1; -+ } - if (lc) - lc = (lc->next = c); - else - lc = obj->compounds = c; -- num_object++; -+ objects = true; - break; - default : - put_msg("Incorrect object code at line %d.", line_no); -+ free(line); - return -1; - } /* switch */ -- } /* while (get_line(fp)) */ -+ } /* while (get_line(...)) */ -+ free(line); - - /* if user color was requested for GIF transparent color, get the - rgb values from the user color array now that we've read them in */ - if (gif_colnum >= NUM_STD_COLS) { - int i; -- for (i=0; i MAX_USR_COLS) -+ num_usr_cols = MAX_USR_COLS; -+ for (i=0; i < num_usr_cols; ++i) - if (user_col_indx[i] == gif_colnum) - break; - if (i < num_usr_cols) -- sprintf(gif_transparent,"#%2x%2x%2x", -- user_colors[i].r,user_colors[i].g,user_colors[i].b); -+ sprintf(gif_transparent, "#%2x%2x%2x", -+ user_colors[i].r, user_colors[i].g, user_colors[i].b); - } - - if (feof(fp)) -@@ -474,55 +532,72 @@ read_objects(FILE *fp, F_compound *obj) - } /* read_objects */ - - static void --read_colordef(void) -+read_colordef(char *line, int line_no) - { -- int c; -- unsigned int r,g,b; -+ int c; -+ unsigned int r,g,b; - -- if ((sscanf(buf, "%*d %d #%2x%2x%2x", &c, &r, &g, &b) != 4) || -- (c < NUM_STD_COLS)) { -- buf[strlen(buf)-1]='\0'; /* remove the newline */ -- put_msg("Invalid color definition: %s, setting to black (#00000).",buf); -- r=g=b=0; -- } -- user_col_indx[num_usr_cols] = c; -- user_colors[num_usr_cols].r = r; -- user_colors[num_usr_cols].g = g; -- user_colors[num_usr_cols].b = b; -+ if (num_usr_cols >= MAX_USR_COLS) { -+ if (num_usr_cols == MAX_USR_COLS) { -+ put_msg("Maximum number of color definitions (%d) exceeded at line %d.", -+ MAX_USR_COLS, line_no); -+ ++num_usr_cols; -+ } -+ /* ignore additional colors */ -+ return; -+ } -+ if (sscanf(line, "%*d %d #%2x%2x%2x", &c, &r, &g, &b) != 4) { -+ if (c >= NUM_STD_COLS && c < NUM_STD_COLS + MAX_USR_COLS) { -+ put_msg("Invalid color definition at line %d: %s, setting to black (#00000).", -+ line_no, line); -+ r = g = b = 0; -+ } else { -+ put_msg("User color number at line %d out of range (%d), should be between %d and %d.", -+ line_no, c, NUM_STD_COLS, -+ NUM_STD_COLS + MAX_USR_COLS - 1); -+ return; -+ } -+ } -+ user_col_indx[num_usr_cols] = c; -+ user_colors[num_usr_cols].r = r; -+ user_colors[num_usr_cols].g = g; -+ user_colors[num_usr_cols].b = b; -+ ++num_usr_cols; - } - - static void --fix_and_note_color(int *color) -+fix_and_note_color(int *color, int line_no) - { -- int i; -- if (*color < DEFAULT) { -- put_msg("Invalid color number %d at line %d, using default color.", -- *color, line_no); -- *color = DEFAULT; -- return; -- } -- if (*color < NUM_STD_COLS) { -- if (*color >= BLACK_COLOR) { -- std_color_used[*color] = true; -+ int i; -+ -+ if (*color < DEFAULT) { -+ put_msg("Invalid color number %d at line %d, using default color.", -+ *color, line_no); -+ *color = DEFAULT; -+ return; - } -- return; -- } -- for (i=0; i= BLACK_COLOR) { -+ std_color_used[*color] = true; -+ } - return; - } -- put_msg("Cannot locate user color %d, using default color at line %d.", -- *color, line_no); -- *color = DEFAULT; -- return; -+ for (i = 0; i < MIN(num_usr_cols, MAX_USR_COLS); ++i) -+ if (*color == user_col_indx[i]) { -+ *color = i + NUM_STD_COLS; -+ return; -+ } -+ put_msg("Cannot locate user color %d, using default color at line %d.", -+ *color, line_no); -+ *color = DEFAULT; -+ return; - } - - static void --note_fill(int fill, int *color) -+note_fill(int fill, int *color, int line_no) - { - if (fill != UNFILLED) { -- fix_and_note_color(color); -+ fix_and_note_color(color, line_no); - if (fill >= NUMSHADES + NUMTINTS) { - pattern_used[fill - NUMSHADES - NUMTINTS] = true; - pats_used = true; -@@ -531,7 +606,7 @@ note_fill(int fill, int *color) - } - - static F_arc * --read_arcobject(FILE *fp) -+read_arcobject(FILE *fp, char **restrict line, size_t *line_len, int *line_no) - { - F_arc *a; - int n, fa, ba; -@@ -548,7 +623,7 @@ read_arcobject(FILE *fp) - a->back_arrow = NULL; - a->next = NULL; - if (v30_flag) { -- n = sscanf(buf, "%*d%d%d%d%d%d%d%d%d%lf%d%d%d%d%lf%lf%d%d%d%d%d%d\n", -+ n = sscanf(*line,"%*d%d%d%d%d%d%d%d%d%lf%d%d%d%d%lf%lf%d%d%d%d%d%d", - &a->type, &a->style, &a->thickness, - &a->pen_color, &a->fill_color, &a->depth, &a->pen, &a->fill_style, - &a->style_val, &a->cap_style, -@@ -558,7 +633,7 @@ read_arcobject(FILE *fp) - &a->point[1].x, &a->point[1].y, - &a->point[2].x, &a->point[2].y); - } else { -- n = sscanf(buf, "%*d%d%d%d%d%d%d%d%lf%d%d%d%lf%lf%d%d%d%d%d%d\n", -+ n = sscanf(*line, "%*d%d%d%d%d%d%d%d%lf%d%d%d%lf%lf%d%d%d%d%d%d", - &a->type, &a->style, &a->thickness, - &a->pen_color, &a->depth, &a->pen, &a->fill_style, - &a->style_val, &a->direction, &fa, &ba, -@@ -570,45 +645,45 @@ read_arcobject(FILE *fp) - a->cap_style = 0; /* butt line cap */ - } - if ((v30_flag && n != 21) || (!v30_flag && n != 19)) { -- put_msg(Err_incomp, "arc", line_no); -+ put_msg(Err_incomp, "arc", *line_no); - free(a); - return NULL; - } - a->thickness *= round(THICK_SCALE); - a->fill_style = FILL_CONVERT(a->fill_style); - if (INVALID_ARC(a)) { -- put_msg(Err_invalid, "arc", line_no); -+ put_msg(Err_invalid, "arc", *line_no); - free(a); - return NULL; - } -- fix_and_note_color(&a->pen_color); -- note_fill(a->fill_style, &a->fill_color); -+ fix_and_note_color(&a->pen_color, *line_no); -+ note_fill(a->fill_style, &a->fill_color, *line_no); - if (fa) { -- if (get_line(fp) < 0 || -- sscanf(buf, "%d%d%lf%lf%lf", -+ if (get_line(fp, line, line_len, line_no) < 0 || -+ sscanf(*line, "%d%d%lf%lf%lf", - &type, &style, &thickness, &wid, &ht) != 5) { -- put_msg(Err_incomp, "arc", line_no); -+ put_msg(Err_incomp, "arc", *line_no); - free(a); - return NULL; - } - if ((a->for_arrow = make_arrow(type, style, thickness, wid, ht)) - == NULL) { -- put_msg(Err_arrow, "forward", line_no); -+ put_msg(Err_arrow, "forward", *line_no); - free(a); - return NULL; - } - } - if (ba) { -- if (get_line(fp) < 0 || -- sscanf(buf, "%d%d%lf%lf%lf", -+ if (get_line(fp, line, line_len, line_no) < 0 || -+ sscanf(*line, "%d%d%lf%lf%lf", - &type, &style, &thickness, &wid, &ht) != 5) { -- put_msg(Err_incomp, "arc", line_no); -+ put_msg(Err_incomp, "arc", *line_no); - free(a); - return NULL; - } - if ((a->back_arrow = make_arrow(type, style, thickness, wid, ht)) - == NULL) { -- put_msg(Err_arrow, "backward", line_no); -+ put_msg(Err_arrow, "backward", *line_no); - free(a); - return NULL; - } -@@ -618,7 +693,8 @@ read_arcobject(FILE *fp) - } - - static F_compound * --read_compoundobject(FILE *fp) -+read_compoundobject(FILE *fp, char **restrict line, size_t *line_len, -+ int *line_no) - { - F_arc *a, *la = NULL; - F_ellipse *e, *le = NULL; -@@ -638,22 +714,23 @@ read_compoundobject(FILE *fp) - com->next = NULL; - com->comments = attach_comments(); /* attach any comments */ - -- n = sscanf(buf, "%*d%d%d%d%d\n", &com->nwcorner.x, &com->nwcorner.y, -+ n = sscanf(*line, "%*d%d%d%d%d", &com->nwcorner.x, &com->nwcorner.y, - &com->secorner.x, &com->secorner.y); - if (n != 4) { -- put_msg(Err_incomp, "compound", line_no); -+ put_msg(Err_incomp, "compound", *line_no); - free(com); - return NULL; - } -- while (get_line(fp) > 0) { -- if (sscanf(buf, "%d", &object) != 1) { -- put_msg(Err_incomp, "compound", line_no); -+ while (get_line(fp, line, line_len, line_no) > 0) { -+ if (sscanf(*line, "%d", &object) != 1) { -+ put_msg(Err_incomp, "compound", *line_no); - free_compound(&com); - return NULL; -- } -+ } - switch (object) { - case OBJ_POLYLINE : -- if ((l = read_lineobject(fp)) == NULL) { -+ if ((l = read_lineobject(fp, line, line_len, line_no)) == -+ NULL) { - return NULL; - } - #ifdef V4_0 -@@ -674,7 +751,8 @@ read_compoundobject(FILE *fp) - #endif /* V4_0 */ - break; - case OBJ_SPLINE : -- if ((s = read_splineobject(fp)) == NULL) { -+ if ((s = read_splineobject(fp, line, line_len, line_no)) == -+ NULL) { - return NULL; - } - if (v32_flag){ /* s is a line */ -@@ -690,7 +768,7 @@ read_compoundobject(FILE *fp) - ls = com->splines = s; - break; - case OBJ_ELLIPSE : -- if ((e = read_ellipseobject()) == NULL) { -+ if ((e = read_ellipseobject(*line, *line_no)) == NULL) { - return NULL; - } - if (le) -@@ -699,7 +777,8 @@ read_compoundobject(FILE *fp) - le = com->ellipses = e; - break; - case OBJ_ARC : -- if ((a = read_arcobject(fp)) == NULL) { -+ if ((a = read_arcobject(fp, line, line_len, line_no)) == -+ NULL) { - return NULL; - } - if (la) -@@ -708,7 +787,8 @@ read_compoundobject(FILE *fp) - la = com->arcs = a; - break; - case OBJ_TEXT : -- if ((t = read_textobject(fp)) == NULL) { -+ if ((t = read_textobject(fp, line, line_len, line_no)) == -+ NULL) { - return NULL; - } - if (lt) -@@ -717,7 +797,8 @@ read_compoundobject(FILE *fp) - lt = com->texts = t; - break; - case OBJ_COMPOUND : -- if ((c = read_compoundobject(fp)) == NULL) { -+ if ((c = read_compoundobject(fp, line, line_len, line_no)) -+ == NULL) { - return NULL; - } - if (lc) -@@ -728,7 +809,7 @@ read_compoundobject(FILE *fp) - case OBJ_END_COMPOUND : - return com; - default : -- put_msg("Wrong object code at line %d", line_no); -+ put_msg("Wrong object code at line %d", *line_no); - return NULL; - } /* switch */ - } -@@ -739,7 +820,7 @@ read_compoundobject(FILE *fp) - } - - static F_ellipse * --read_ellipseobject(void) -+read_ellipseobject(char *line, int line_no) - { - F_ellipse *e; - int n; -@@ -749,7 +830,7 @@ read_ellipseobject(void) - e->pen = 0; - e->next = NULL; - if (v30_flag) { -- n = sscanf(buf, "%*d%d%d%d%d%d%d%d%d%lf%d%lf%d%d%d%d%d%d%d%d\n", -+ n = sscanf(line, "%*d%d%d%d%d%d%d%d%d%lf%d%lf%d%d%d%d%d%d%d%d", - &e->type, &e->style, &e->thickness, - &e->pen_color, &e->fill_color, &e->depth, &e->pen, &e->fill_style, - &e->style_val, &e->direction, &e->angle, -@@ -758,7 +839,7 @@ read_ellipseobject(void) - &e->start.x, &e->start.y, - &e->end.x, &e->end.y); - } else { -- n = sscanf(buf, "%*d%d%d%d%d%d%d%d%lf%d%lf%d%d%d%d%d%d%d%d\n", -+ n = sscanf(line, "%*d%d%d%d%d%d%d%d%lf%d%lf%d%d%d%d%d%d%d%d", - &e->type, &e->style, &e->thickness, - &e->pen_color, &e->depth, &e->pen, &e->fill_style, - &e->style_val, &e->direction, &e->angle, -@@ -773,7 +854,7 @@ read_ellipseobject(void) - free(e); - return NULL; - } -- fix_and_note_color(&e->pen_color); -+ fix_and_note_color(&e->pen_color, line_no); - e->thickness *= round(THICK_SCALE); - e->fill_style = FILL_CONVERT(e->fill_style); - if (e->radiuses.x < 0) -@@ -785,7 +866,7 @@ read_ellipseobject(void) - free(e); - return NULL; - } -- note_fill(e->fill_style, &e->fill_color); -+ note_fill(e->fill_style, &e->fill_color, line_no); - e->comments = attach_comments(); /* attach any comments */ - return e; - } -@@ -804,8 +885,9 @@ read_ellipseobject(void) - */ - static int - sanitize_lineobject( -- F_line *l, /* the line */ -- F_point *p /* the last point of the line */ -+ F_line *l, /* the line */ -+ F_point *p, /* the last point of the line */ -+ int line_no - ) - { - F_point *q; -@@ -912,7 +994,7 @@ sanitize_lineobject( - } - - static F_line * --read_lineobject(FILE *fp) -+read_lineobject(FILE *fp, char **restrict line, size_t *line_len, int *line_no) - { - F_line *l; - F_point *o = NULL, *p, *q; -@@ -933,40 +1015,38 @@ read_lineobject(FILE *fp) - l->pic = NULL; - l->comments = NULL; - -- sscanf(buf,"%*d%d",&l->type); /* get the line type */ -+ sscanf(*line, "%*d%d", &l->type); /* get the line type */ - - radius_flag = v30_flag || v21_flag || (v2_flag && l->type == T_ARC_BOX); - if (radius_flag) { - if (v30_flag) { -- n = sscanf(buf, "%*d%d%d%d%d%d%d%d%d%lf%d%d%d%d%d%d", -+ n = sscanf(*line, "%*d%d%d%d%d%d%d%d%d%lf%d%d%d%d%d%d", - &l->type,&l->style,&l->thickness,&l->pen_color,&l->fill_color, - &l->depth,&l->pen,&l->fill_style,&l->style_val, - &l->join_style,&l->cap_style, - &l->radius,&fa,&ba,&npts); - } else { -- n = sscanf(buf, "%*d%d%d%d%d%d%d%d%lf%d%d%d", -- &l->type,&l->style,&l->thickness,&l->pen_color, -- &l->depth,&l->pen,&l->fill_style,&l->style_val,&l->radius,&fa, &ba); -+ n = sscanf(*line, "%*d%d%d%d%d%d%d%d%lf%d%d%d", -+ &l->type,&l->style,&l->thickness,&l->pen_color,&l->depth, -+ &l->pen,&l->fill_style,&l->style_val,&l->radius,&fa, &ba); - l->fill_color = l->pen_color; - } - } - /* old format uses pen for radius of arc-box corners */ - else { -- n = sscanf(buf, "%*d%d%d%d%d%d%d%d%lf%d%d", -+ n = sscanf(*line, "%*d%d%d%d%d%d%d%d%lf%d%d", - &l->type,&l->style,&l->thickness,&l->pen_color, - &l->depth,&l->pen,&l->fill_style,&l->style_val,&fa,&ba); - l->fill_color = l->pen_color; -- if (l->type == T_ARC_BOX) -- { -- l->radius = (int) l->pen; -+ if (l->type == T_ARC_BOX) { -+ l->radius = l->pen; - l->pen = 0; -- } -- else -+ } else - l->radius = 0; - } - if ((!radius_flag && n!=10) || - (radius_flag && ((!v30_flag && n!=11)||(v30_flag && n!=15)))) { -- put_msg(Err_incomp, "line", line_no); -+ put_msg(Err_incomp, "line", *line_no); - free(l); - return NULL; - } -@@ -974,45 +1054,47 @@ read_lineobject(FILE *fp) - l->thickness *= round(THICK_SCALE); - l->fill_style = FILL_CONVERT(l->fill_style); - if (INVALID_LINE(l)) { -- put_msg(Err_invalid, "line", line_no); -+ put_msg(Err_invalid, "line", *line_no); - free(l); - return NULL; - } -- note_fill(l->fill_style, &l->fill_color); -- fix_and_note_color(&l->pen_color); -+ note_fill(l->fill_style, &l->fill_color, *line_no); -+ fix_and_note_color(&l->pen_color, *line_no); - if (fa) { -- if (get_line(fp) < 0 || -- sscanf(buf, "%d%d%lf%lf%lf", -+ if (get_line(fp, line, line_len, line_no) < 0 || -+ sscanf(*line, "%d%d%lf%lf%lf", - &type, &style, &thickness, &wid, &ht) != 5) { -- put_msg(Err_incomp, "line", line_no); -+ put_msg(Err_incomp, "line", *line_no); - free(l); - return NULL; - } - if ((l->for_arrow = make_arrow(type, style, thickness, wid, ht)) - == NULL) { -- put_msg(Err_arrow, "forward", line_no); -+ put_msg(Err_arrow, "forward", *line_no); - free(l); - return NULL; - } - } - if (ba) { -- if (get_line(fp) < 0 || -- sscanf(buf, "%d%d%lf%lf%lf", -+ if (get_line(fp, line, line_len, line_no) < 0 || -+ sscanf(*line, "%d%d%lf%lf%lf", - &type, &style, &thickness, &wid, &ht) != 5) { -- put_msg(Err_incomp, "line", line_no); -+ put_msg(Err_incomp, "line", *line_no); - free_linestorage(l); - return NULL; - } - if ((l->back_arrow = make_arrow(type, style, thickness, wid, ht)) - == NULL) { -- put_msg(Err_arrow, "backward", line_no); -+ put_msg(Err_arrow, "backward", *line_no); - free_linestorage(l); - return NULL; - } - } - if (l->type == T_PIC_BOX) { -- char file[BUFSIZ], *c; -+ char *file, *c; -+ int pos; - size_t len; -+ ssize_t chars; - - if ((Pic_malloc(l->pic)) == NULL) { - free(l); -@@ -1026,21 +1108,22 @@ read_lineobject(FILE *fp) - XpmCreateXpmImageFromBuffer("", &l->pic->xpmimage, NULL); - #endif - -- /* %[^\n]: really, read until first '\0' in buf */ -- if (get_line(fp) < 0 || sscanf(buf, "%d %[^\n]", -- &l->pic->flipped, file) != 2) { -- put_msg(Err_incomp, "picture", line_no); -- free(l); -- return NULL; -+ if ((chars = get_line(fp, line, line_len, line_no)) < 0 || -+ sscanf(*line, "%d %n", &l->pic->flipped, &pos) != 1) { -+ put_msg(Err_incomp, "picture", *line_no); -+ free(l); -+ return NULL; - } -+ file = *line + pos; -+ len = chars - pos; /* strlen(file) */ -+ - /* if there is a path in the .fig filename, and the path of the - * imported picture filename is NOT absolute, prepend the - * .fig file path to it - */ - if (from && (c = strrchr(from, '/')) && file[0] != '/') { -- if ((l->pic->file = malloc((size_t)(c - from + 2) + -- (len = strlen(file)))) == -- NULL) { -+ if ((l->pic->file = malloc((size_t)(c - from + 2) + len)) == -+ NULL) { - put_msg(Err_mem); - free(l); /* Points not read yet. */ - return NULL; -@@ -1049,8 +1132,8 @@ read_lineobject(FILE *fp) - memcpy(l->pic->file + (c - from + 1), file, len + 1); - } else { - /* either absolute picture path or no path in .fig filename */ -- l->pic->file = malloc(len = strlen(file) + 1); -- memcpy(l->pic->file, file, len); -+ l->pic->file = malloc(len + 1); -+ memcpy(l->pic->file, file, len + 1); - } - } - -@@ -1062,9 +1145,9 @@ read_lineobject(FILE *fp) - p->next = NULL; - - /* read first point of line */ -- ++line_no; -+ ++(*line_no); - if (fscanf(fp, "%d%d", &p->x, &p->y) != 2) { -- put_msg(Err_incomp, "line", line_no); -+ put_msg(Err_incomp, "line", *line_no); - free_linestorage(l); - return NULL; - } -@@ -1072,9 +1155,9 @@ read_lineobject(FILE *fp) - if (!v30_flag) - npts = 1000000; - for (--npts; npts > 0; --npts) { -- count_lines_correctly(fp); -+ count_lines_correctly(fp, line_no); - if (fscanf(fp, "%d%d", &x, &y) != 2) { -- put_msg(Err_incomp, "line", line_no); -+ put_msg(Err_incomp, "line", *line_no); - free_linestorage(l); - return NULL; - } -@@ -1103,7 +1186,7 @@ read_lineobject(FILE *fp) - l->last[1].y = o->y; - } - -- if (sanitize_lineobject(l, p)) { -+ if (sanitize_lineobject(l, p, *line_no)) { - free_linestorage(l); - return NULL; - } -@@ -1115,7 +1198,8 @@ read_lineobject(FILE *fp) - } - - static F_spline * --read_splineobject(FILE *fp) -+read_splineobject(FILE *fp, char **restrict line, size_t *line_len, -+ int *line_no) - { - F_spline *s; - F_line *l; -@@ -1137,58 +1221,58 @@ read_splineobject(FILE *fp) - s->next = NULL; - - if (v30_flag) { -- n = sscanf(buf, "%*d%d%d%d%d%d%d%d%d%lf%d%d%d%d", -+ n = sscanf(*line, "%*d%d%d%d%d%d%d%d%d%lf%d%d%d%d", - &s->type, &s->style, &s->thickness, - &s->pen_color, &s->fill_color, - &s->depth, &s->pen, &s->fill_style, &s->style_val, - &s->cap_style, &fa, &ba, &npts); - } else { -- n = sscanf(buf, "%*d%d%d%d%d%d%d%d%lf%d%d", -+ n = sscanf(*line, "%*d%d%d%d%d%d%d%d%lf%d%d", - &s->type, &s->style, &s->thickness, &s->pen_color, - &s->depth, &s->pen, &s->fill_style, &s->style_val, &fa, &ba); - s->fill_color = s->pen_color; - s->cap_style = 0; /* butt line cap */ - } - if ((v30_flag && n != 13) || (!v30_flag && n != 10)) { -- put_msg(Err_incomp, "spline", line_no); -+ put_msg(Err_incomp, "spline", *line_no); - free(s); - return NULL; - } - s->thickness *= round(THICK_SCALE); - s->fill_style = FILL_CONVERT(s->fill_style); - if (INVALID_SPLINE(s)) { -- put_msg(Err_invalid, "spline", line_no); -+ put_msg(Err_invalid, "spline", *line_no); - free(s); - return NULL; - } -- note_fill(s->fill_style, &s->fill_color); -- fix_and_note_color(&s->pen_color); -+ note_fill(s->fill_style, &s->fill_color, *line_no); -+ fix_and_note_color(&s->pen_color, *line_no); - if (fa) { -- if (get_line(fp) < 0 || -- sscanf(buf, "%d%d%lf%lf%lf", -+ if (get_line(fp, line, line_len, line_no) < 0 || -+ sscanf(*line, "%d%d%lf%lf%lf", - &type, &style, &thickness, &wid, &ht) != 5) { -- put_msg(Err_incomp, "spline", line_no); -+ put_msg(Err_incomp, "spline", *line_no); - free(s); - return NULL; - } - if ((s->for_arrow = make_arrow(type, style, thickness, wid, ht)) - == NULL) { -- put_msg(Err_arrow, "forward", line_no); -+ put_msg(Err_arrow, "forward", *line_no); - free(s); - return NULL; - } - } - if (ba) { -- if (get_line(fp) < 0 || -- sscanf(buf, "%d%d%lf%lf%lf", -+ if (get_line(fp, line, line_len, line_no) < 0 || -+ sscanf(*line, "%d%d%lf%lf%lf", - &type, &style, &thickness, &wid, &ht) != 5) { -- put_msg(Err_incomp, "spline", line_no); -+ put_msg(Err_incomp, "spline", *line_no); - free_splinestorage(s); - return NULL; - } - if ((s->back_arrow = make_arrow(type, style, thickness, wid, ht)) - == NULL) { -- put_msg(Err_arrow, "backward", line_no); -+ put_msg(Err_arrow, "backward", *line_no); - free_splinestorage(s); - return NULL; - } -@@ -1196,9 +1280,9 @@ read_splineobject(FILE *fp) - - /* Read points */ - /* read first point of line */ -- ++line_no; -+ ++(*line_no); - if ((n = fscanf(fp, "%d%d", &x, &y)) != 2) { -- put_msg(Err_incomp, "spline", line_no); -+ put_msg(Err_incomp, "spline", *line_no); - free_splinestorage(s); - return NULL; - }; -@@ -1212,15 +1296,15 @@ read_splineobject(FILE *fp) - if (!v30_flag) - npts = 1000000; - if (npts < 2) { -- put_msg(Err_incomp, "spline", line_no); -+ put_msg(Err_incomp, "spline", *line_no); - free_splinestorage(s); - return NULL; - } - for (--npts; npts > 0; --npts) { - /* keep track of newlines for line counter */ -- count_lines_correctly(fp); -+ count_lines_correctly(fp, line_no); - if (fscanf(fp, "%d%d", &x, &y) != 2) { -- put_msg(Err_incomp, "spline", line_no); -+ put_msg(Err_incomp, "spline", *line_no); - free_splinestorage(s); - return NULL; - }; -@@ -1250,9 +1334,9 @@ read_splineobject(FILE *fp) - ptr = s->controls; - while (ptr) { /* read controls */ - /* keep track of newlines for line counter */ -- count_lines_correctly(fp); -+ count_lines_correctly(fp, line_no); - if ((n = fscanf(fp, "%lf", &control_s)) != 1) { -- put_msg(Err_incomp, "spline", line_no); -+ put_msg(Err_incomp, "spline", *line_no); - free_splinestorage(s); - return NULL; - } -@@ -1275,9 +1359,9 @@ read_splineobject(FILE *fp) - } - /* Read controls from older versions */ - /* keep track of newlines for line counter */ -- count_lines_correctly(fp); -+ count_lines_correctly(fp, line_no); - if ((n = fscanf(fp, "%lf%lf%lf%lf", &lx, &ly, &rx, &ry)) != 4) { -- put_msg(Err_incomp, "spline", line_no); -+ put_msg(Err_incomp, "spline", *line_no); - free_splinestorage(s); - return NULL; - } -@@ -1290,9 +1374,9 @@ read_splineobject(FILE *fp) - cp->rx = rx; cp->ry = ry; - while (--c) { - /* keep track of newlines for line counter */ -- count_lines_correctly(fp); -+ count_lines_correctly(fp, line_no); - if (fscanf(fp, "%lf%lf%lf%lf", &lx, &ly, &rx, &ry) != 4) { -- put_msg(Err_incomp, "spline", line_no); -+ put_msg(Err_incomp, "spline", *line_no); - cp->next = NULL; - free_splinestorage(s); - return NULL; -@@ -1315,13 +1399,37 @@ read_splineobject(FILE *fp) - return s; - } - -+static char * -+find_end(const char *str, int v30flag) -+{ -+ const char endmark[] = "\\001"; -+ char *end; -+ -+ if (v30flag) { -+ /* A string is terminated with the literal '\001', -+ and 8-bit characters may be represented as \xxx */ -+ end = strstr(str, endmark); -+ /* is this not '\\001', or '\\\\001', etc? */ -+ while (end && backslash_count(str, end - str) % 2 == 0) -+ end = strstr(end + 3, endmark); -+ } else { -+ /* The text object is terminated by a CONTROL-A. -+ If there is no CONTROL-A on this line, then this -+ must be a multi-line text object. */ -+ end = strchr(str, '\1'); -+ } -+ return end; -+} -+ -+ - static F_text * --read_textobject(FILE *fp) -+read_textobject(FILE *fp, char **restrict line, size_t *line_len, int *line_no) - { - F_text *t; -- int n, ignore = 0; -- char s[BUFSIZ], s_temp[BUFSIZ], junk[2]; -- int more, len, l; -+ bool freestart = false; -+ int i, n; -+ char *end, *start; -+ size_t len; - - Text_malloc(t); - t->font = 0; -@@ -1329,32 +1437,101 @@ read_textobject(FILE *fp) - t->comments = NULL; - t->next = NULL; - -- if (v30_flag) { /* order of parms is more like other objects now, -- string is now terminated with the literal '\001', -- and 8-bit characters are represented as \xxx */ -- -- n = sscanf(buf, "%*d%d%d%d%d%d%lf%lf%d%lf%lf%d%d%[^\n]", -- &t->type, &t->color, &t->depth, &t->pen, -- &t->font, &t->size, &t->angle, -- &t->flags, &t->height, &t->length, -- &t->base_x, &t->base_y, s); -+ n = sscanf(*line, "%*d%d%d%d%d%d%lf%lf%d%lf%lf%d%d %n", -+ &t->type, &t->color, &t->depth, &t->pen, &t->font, -+ &t->size, &t->angle, &t->flags, &t->height, &t->length, -+ &t->base_x, &t->base_y, &i); -+ if (n != 12) { -+ put_msg(Err_incomp, "text", *line_no); -+ free(t); -+ return NULL; -+ } -+ start = *line + i; -+ end = find_end(start, v30_flag); -+ -+ if (end) { -+ *end = '\0'; -+ len = end - start; - } else { -- /* The text object is terminated by a CONTROL-A, so we read -- everything up to the CONTROL-A and then read that character. -- If we do not find the CONTROL-A on this line then this must -- be a multi-line text object and we will have to read more. */ -- -- n = sscanf(buf,"%*d%d%d%lf%d%d%d%lf%d%lf%lf%d%d%[^\1]%1[\1]", -- &t->type, &t->font, &t->size, &t->pen, -- &t->color, &t->depth, &t->angle, -- &t->flags, &t->height, &t->length, -- &t->base_x, &t->base_y, s, junk); -- } -- if ((n != 14) && (n != 13)) { -- put_msg(Err_incomp, "text", line_no); -- free(t); -- return NULL; -+ ssize_t chars; -+ char *next; -+ -+ len = strlen(start); -+ start[len++] = '\n'; /* put back the newline */ -+ -+ /* allocate plenty of space */ -+ next = malloc(len + BUFSIZ); -+ if (next == NULL) { -+ put_msg(Err_mem); -+ free(t); -+ return NULL; -+ } -+ memcpy(next, start, len); -+ -+ while ((chars = getline(line, line_len, fp)) != -1) { -+ ++(*line_no); -+ end = find_end(*line, v30_flag); -+ if (end) { -+ *end = '\0'; -+ next = realloc(next, len + end - *line + 1); -+ memcpy(next + len, *line, end - *line + 1); -+ len += end - *line; -+ break; -+ } else { -+ if (**line + chars - 1 == '\n' && chars > 1 && -+ **line + chars - 2 == '\r') -+ (*line)[chars-- - 2] = '\n'; -+ next = realloc(next, len + chars + 1); -+ memcpy(next + len, *line, chars + 1); -+ len += chars; -+ } -+ } -+ start = next; -+ freestart = true; -+ } -+ -+ /* convert any \xxx to characters */ -+ if (v30_flag && (end = strchr(start, '\\'))) { -+ unsigned char num; -+ char *c = start; -+ size_t l; -+ -+ len = end - start; -+ l = len; -+ while (c[l] != '\0') { -+ if (c[l] == '\\') { -+ /* convert 3 digit octal value */ -+ if (isdigit(c[l+1]) && c[l+2] != '\0' && -+ c[l+3] != '\0') { -+ if (sscanf(c+l+1, "%3hho", &num) != 1) { -+ put_msg("Error in parsing text string on line %d", -+ *line_no); -+ return NULL; -+ } -+ /* no check of unsigned char overflow */ -+ c[len++] = num; -+ l += 3; -+ } else { -+ /* an escaped char is un-escaped */ -+ c[len++] = c[++l]; -+ } -+ } else { -+ c[len++] = c[l]; -+ } -+ ++l; -+ } -+ c[len] = '\0'; /* terminate */ -+ } -+ -+ t->cstring = malloc(len + 1); -+ if (t->cstring == NULL) { -+ put_msg(Err_mem); -+ free(t); -+ return NULL; - } -+ memcpy(t->cstring, start, len + 1); -+ if (freestart) -+ free(start); - - if (font_size != 0.0) { - /* scale length/height of text by ratio of requested font size to actual size */ -@@ -1364,89 +1541,6 @@ read_textobject(FILE *fp) - } - if (t->size <= 0.0) - t->size = (float) DEFAULT_FONT_SIZE; -- more = 0; -- if (!v30_flag && n == 13) -- more = 1; /* in older xfig there is more if ^A wasn't found yet */ -- else if (v30_flag) { /* in 3.0 there is more if \001 wasn't found */ -- len = strlen(s); -- if ((strcmp(&s[len-4],"\\001") == 0) && /* if we find '\000' */ -- !(backslash_count(s, len-5) % 2)) { /* and not '\\000' */ -- more = 0; /* then there are no more lines */ -- s[len-4]='\0'; /* and get rid of the '\001' */ -- } else { -- more = 1; -- s[len++]='\n'; /* put back the end of line char */ -- s[len] = '\0'; /* and terminate it */ -- } -- } -- if (more) { -- /* Read in the subsequent lines of the text if there are more */ -- do { -- ++line_no; /* As is done in get_line */ -- if (fgets(s_temp, BUFSIZ, fp) == NULL) -- break; -- len = strlen(s_temp)-1; /* ignore newline */ -- if (len > 0 && s_temp[len-1] == '\r') { /* strip any trailing CR */ -- s_temp[len-1] = '\0'; -- len--; -- } -- if (v30_flag) { -- if ((strncmp(&s_temp[len-4],"\\001",4) == 0) && -- !(backslash_count(s_temp, len-5) % 2)) { -- n=0; /* found the '\001', set n to stop */ -- s_temp[len-4]='\0'; /* and get rid of the '\001' */ -- } else { -- n=1; /* keep going (more lines) */ -- } -- } else { -- n = sscanf(buf, "%[^\1]%[\1]", s_temp, junk); -- } -- /* Safety check */ -- if (strlen(s)+1 + strlen(s_temp)+1 > BUFSIZ) { -- /* Too many characters. Ignore the rest. */ -- ignore = 1; -- } -- if (!ignore) -- strcat(s, s_temp); -- } while (n == 1); -- } -- -- if (v30_flag) { /* now convert any \xxx to ascii characters */ -- if (strchr(s,'\\')) { -- unsigned int num; -- len = strlen(s); -- for (l=0,n=0; l < len; ++l) { -- if (s[l]=='\\') { -- /* a backslash, see if a digit follows */ -- if (l < len && isdigit(s[l+1])) { -- /* yes, scan for 3 digit octal value */ -- if (sscanf(&s[l+1],"%3o",&num)!=1) { -- put_msg("Error in parsing text string on line %d", -- line_no); -- return NULL; -- } -- buf[n++]= (unsigned char) num; /* put char in */ -- l += 3; /* skip over digits */ -- } else { -- buf[n++] = s[++l]; /* some other escaped character */ -- } -- } else { -- buf[n++] = s[l]; /* ordinary character */ -- } -- } -- buf[n]='\0'; /* terminate */ -- strcpy(s,buf); /* copy back to s */ -- } -- } -- if (strlen(s) == 0) -- (void)strcpy(s, " "); -- t->cstring = calloc((unsigned)(strlen(s)), sizeof(char)); -- if (NULL == t->cstring) { -- put_msg(Err_mem); -- free(t); -- return NULL; -- } -- (void)strcpy(t->cstring, s+1); - - if (!v21_flag && (t->font == 0 || t->font == DEFAULT)) - t->flags = ((t->flags != DEFAULT) ? t->flags : 0) -@@ -1457,11 +1551,11 @@ read_textobject(FILE *fp) - | PSFONT_TEXT; - - if (INVALID_TEXT(t)) { -- put_msg(Err_invalid, "text", line_no); -+ put_msg(Err_invalid, "text", *line_no); - free_text(&t); - return NULL; - } -- fix_and_note_color(&t->color); -+ fix_and_note_color(&t->color, *line_no); - t->comments = attach_comments(); /* attach any comments */ - return t; - } -@@ -1469,18 +1563,19 @@ read_textobject(FILE *fp) - - /* count consecutive backslashes backwards */ - --static int --backslash_count(char cp[], int start) -+static ptrdiff_t -+backslash_count(const char *restrict cp, ptrdiff_t start) - { -- int i, count = 0; -+ ptrdiff_t i; -+ ptrdiff_t count = 0; - -- for(i=start; i>=0; i--) { -- if (cp[i] == '\\') -- count++; -- else -- break; -- } -- return count; -+ for(i = start; i >= 0; --i) { -+ if (cp[i] == '\\') -+ ++count; -+ else -+ break; -+ } -+ return count; - } - - /* attach comments in linked list */ -@@ -1509,55 +1604,64 @@ attach_comments(void) - return icomp; - } - -+/* save a comment line to be stored with the *subsequent* object */ -+ - static int --get_line(FILE *fp) -+save_comment(char *restrict line, size_t len) - { -- int len; -- while (1) { -- if (NULL == fgets(buf, BUFSIZ, fp)) { -- return -1; -- } -- ++line_no; -- if (*buf == '#') { /* save any comments */ -- if (save_comment() < 0) -- return -1; -- /* skip empty lines */ -- } else if (*buf != '\n' || !(*buf == '\r' && buf[1] == '\n')) { -- len = strlen(buf); -- /* remove newline and possibly a carriage return */ -- if (buf[len-1] == '\n') -- buf[len - (buf[len-2] == '\r' ? 2 : 1)] = '\0'; -- return 1; -- } -- } --} -+ int i; - --/* save a comment line to be stored with the *subsequent* object */ -+ /* skip too many comment lines */ -+ if (numcom == MAXCOMMENTS) -+ return 2; -+ -+ /* remove one leading blank from the comment, if there is one */ -+ i = 1; -+ if (line[i] == ' ') -+ i = 2; -+ -+ /* see if we've allocated space for this comment */ -+ if (comments[numcom]) -+ free(comments[numcom]); -+ if ((comments[numcom] = malloc(len + (1 - i))) == NULL) -+ return -1; - --static int --save_comment(void) -+ strcpy(comments[numcom++], &line[i]); -+ return 1; -+} -+ -+static ssize_t -+get_line(FILE *fp, char **restrict line, size_t *line_len, int *line_no) - { -- int i; -+ ssize_t chars; - -- /* skip too many comment lines */ -- if (numcom == MAXCOMMENTS) -- return 2; -- i=strlen(buf); -- /* see if we've allocated space for this comment */ -- if (comments[numcom]) -- free(comments[numcom]); -- if ((comments[numcom] = malloc(i+1)) == NULL) -- return -1; -- /* remove any newline */ -- if (buf[i-1] == '\n') -- buf[i-1] = '\0'; -- i=1; -- if (buf[1] == ' ') /* remove one leading blank from the comment, if there is one */ -- i=2; -- strcpy(comments[numcom++], &buf[i]); -- return 1; -+ while ((chars = getline(line, line_len, fp)) != -1) { -+ ++(*line_no); -+ /* skip empty lines */ -+ if (**line == '\n' || (**line == '\r' && -+ chars == 2 && (*line)[1] == '\n')) -+ continue; -+ /* remove newline and possibly a carriage return */ -+ if ((*line)[chars-1] == '\n') { -+ chars -= (*line)[chars - 2] == '\r' ? 2 : 1; -+ (*line)[chars] = '\0'; -+ } -+ /* save any comments */ -+ if (**line == '#') { -+ if (save_comment(*line, (size_t)chars) < 0) -+ return -1; -+ continue; -+ } -+ /* return the line */ -+ return chars; -+ } -+ /* chars == -1 */ -+ return chars; -+ /* getline() only fails with EINVAL, and probably ENOMEM from malloc(). -+ No use to check for errno. */ - } - -+ - /* skip to the end of the current line and any subsequent blank lines */ - - static void -@@ -1714,15 +1818,15 @@ static int pop() { - */ - - static void --count_lines_correctly(FILE *fp) -+count_lines_correctly(FILE *fp, int *line_no) - { - int cc; - do { -- cc = getc(fp); -- if (cc == '\n') { -- ++line_no; -- cc=getc(fp); -- } -+ cc = getc(fp); -+ if (cc == '\n') { -+ ++(*line_no); -+ cc=getc(fp); -+ } - } while (cc == ' ' || cc == '\t'); - ungetc(cc,fp); - } ---- fig2dev/read1_3.c -+++ fig2dev/read1_3.c 2020-01-21 11:31:32.048794834 +0000 -@@ -2,8 +2,8 @@ - * Fig2dev: Translate Fig code to various Devices - * Copyright (c) 1991 by Micah Beck - * Parts Copyright (c) 1985-1988 by Supoj Sutanthavibul -- * Parts Copyright (c) 1989-2012 by Brian V. Smith -- * Parts Copyright (c) 2015-2019 by Thomas Loimer -+ * Parts Copyright (c) 1989-2015 by Brian V. Smith -+ * Parts Copyright (c) 2015-2020 by Thomas Loimer - * - * Any party obtaining a copy of these files is granted, free of charge, a - * full and unrestricted irrevocable, world-wide, paid up, royalty-free, -@@ -51,8 +51,6 @@ - - extern F_arrow *forward_arrow(void), *backward_arrow(void); - extern int figure_modified; --//extern int line_no; --extern int num_object; - - static F_ellipse *read_ellipseobject(FILE *fp); - static F_line *read_lineobject(FILE *fp); -@@ -103,7 +101,6 @@ read_1_3_objects(FILE *fp, F_compound *o - ll = (ll->next = l); - else - ll = obj->lines = l; -- num_object++; - break; - case OBJ_SPLINE : - if ((s = read_splineobject(fp)) == NULL) return(-1); -@@ -111,7 +108,6 @@ read_1_3_objects(FILE *fp, F_compound *o - ls = (ls->next = s); - else - ls = obj->splines = s; -- num_object++; - break; - case OBJ_ELLIPSE : - if ((e = read_ellipseobject(fp)) == NULL) return(-1); -@@ -119,7 +115,6 @@ read_1_3_objects(FILE *fp, F_compound *o - le = (le->next = e); - else - le = obj->ellipses = e; -- num_object++; - break; - case OBJ_ARC : - if ((a = read_arcobject(fp)) == NULL) return(-1); -@@ -127,7 +122,6 @@ read_1_3_objects(FILE *fp, F_compound *o - la = (la->next = a); - else - la = obj->arcs = a; -- num_object++; - break; - case OBJ_TEXT : - if ((t = read_textobject(fp)) == NULL) return(-1); -@@ -135,7 +129,6 @@ read_1_3_objects(FILE *fp, F_compound *o - lt = (lt->next = t); - else - lt = obj->texts = t; -- num_object++; - break; - case OBJ_COMPOUND : - if ((c = read_compoundobject(fp)) == NULL) return(-1); -@@ -143,7 +136,6 @@ read_1_3_objects(FILE *fp, F_compound *o - lc = (lc->next = c); - else - lc = obj->compounds = c; -- num_object++; - break; - default: - put_msg("Incorrect object code %d", object); ---- fig2dev/tests/read.at -+++ fig2dev/tests/read.at 2020-01-21 11:31:32.048794834 +0000 -@@ -2,7 +2,7 @@ dnl Fig2dev: Translate Fig code to vario - dnl Copyright (c) 1991 by Micah Beck - dnl Parts Copyright (c) 1985-1988 by Supoj Sutanthavibul - dnl Parts Copyright (c) 1989-2015 by Brian V. Smith --dnl Parts Copyright (c) 2015-2019 by Thomas Loimer -+dnl Parts Copyright (c) 2015-2020 by Thomas Loimer - dnl - dnl Any party obtaining a copy of these files is granted, free of charge, a - dnl full and unrestricted irrevocable, world-wide, paid up, royalty-free, -@@ -14,7 +14,7 @@ dnl party to do so, with the only requir - dnl and this permission notice remain intact. - - dnl read.at --dnl Author: Thomas Loimer, 2017-2019 -+dnl Author: Thomas Loimer, 2017-2020 - - - AT_BANNER([Sanitize and harden input.]) -@@ -279,7 +279,7 @@ AT_CHECK([fig2dev -L box < -Date: Tue, 28 Jan 2020 22:56:40 +0100 -Subject: [PATCH] Reject text or ellipse angles beyond -2pi to 2pi, #76 - -In fact, generously extend the allowed range to -7 to 7. -Sane applications, e.g., xfig, certainly keep the angles within one revolution. ---- - CHANGES | 6 +++--- - fig2dev/object.h | 7 ++++--- - fig2dev/tests/read.at | 8 ++++++++ - 3 files changed, 15 insertions(+), 6 deletions(-) - -|diff --git CHANGES CHANGES -|index 4834e50..52daead 100644 -|--- CHANGES -|+++ CHANGES -|@@ -6,9 +6,9 @@ Patchlevel Xx (Xxx 20xx) -| -| BUGS FIXED: -| Ticket numbers refer to https://sourceforge.net/p/mcj/tickets/#. -|- o Fix ticket #81. -|- o Do not allow ASCII NUL anywhere in input. -|- Fixes tickets #65, #68, #71, #73, #75, #80. -|+ o Accept text and ellipse angles only within -2*pi to 2*pi. Fixes #76. -|+ o Allow -1 as default TeX font, not only 0. Fixes #71, #75, #81. -|+ o Do not allow ASCII NUL anywhere in input. Fixes #65, #68, #73, #80. -| o Use getline() to improve input scanning. -| Fixes tickets #58, #59, #61, #62, #67, #78, #79. -| o Correctly scan embedded pdfs for /MediaBox value. -diff --git fig2dev/object.h fig2dev/object.h -index fe56bbb..8464010 100644 ---- fig2dev/object.h -+++ fig2dev/object.h -@@ -3,7 +3,7 @@ - * Copyright (c) 1991 by Micah Beck - * Parts Copyright (c) 1985-1988 by Supoj Sutanthavibul - * Parts Copyright (c) 1989-2015 by Brian V. Smith -- * Parts Copyright (c) 2015-2019 by Thomas Loimer -+ * Parts Copyright (c) 2015-2020 by Thomas Loimer - * - * Any party obtaining a copy of these files is granted, free of charge, a - * full and unrestricted irrevocable, world-wide, paid up, royalty-free, -@@ -94,7 +94,8 @@ typedef struct f_ellipse { - #define INVALID_ELLIPSE(e) \ - e->type < T_ELLIPSE_BY_RAD || e->type > T_CIRCLE_BY_DIA || \ - COMMON_PROPERTIES(e) || (e->direction != 1 && e->direction != 0) || \ -- e->radiuses.x == 0 || e->radiuses.y == 0 -+ e->radiuses.x == 0 || e->radiuses.y == 0 || \ -+ e->angle < -7. || e->angle > 7. - - typedef struct f_arc { - int type; -@@ -243,7 +244,7 @@ typedef struct f_text { - t->type < T_LEFT_JUSTIFIED || t->type > T_RIGHT_JUSTIFIED || \ - t->font < DEFAULT || t->font > MAX_PSFONT || \ - t->flags < DEFAULT || t->flags >= 2 * HIDDEN_TEXT || \ -- t->height < 0 || t->length < 0 -+ t->height < 0 || t->length < 0 || t->angle < -7. || t->angle > 7. - - typedef struct f_control { - double lx, ly, rx, ry; /* used by older versions*/ -|diff --git fig2dev/tests/read.at fig2dev/tests/read.at -|index 726e6da..2d066e4 100644 -|--- fig2dev/tests/read.at -|+++ fig2dev/tests/read.at -|@@ -424,6 +424,14 @@ AT_KEYWORDS([read.c svg]) -| AT_CHECK([fig2dev -L svg $srcdir/data/text_w_ascii0.fig], 1, ignore, ignore) -| AT_CLEANUP -| -|+AT_SETUP([reject out of range text angle, ticket #76]) -|+AT_CHECK([fig2dev -L pstricks < -Date: Wed, 11 Dec 2019 21:36:46 +0100 -Subject: [PATCH] Convert polygons with too few points to polylines - -As a side effect, this also fixes ticket #56. ---- - fig2dev/read.c | 16 ++++++++++++++++ - fig2dev/tests/read.at | 11 +++++++++++ - 2 files changed, 27 insertions(+) - ---- fig2dev/read.c -+++ fig2dev/read.c 2020-01-21 11:29:27.367140319 +0000 -@@ -793,8 +793,10 @@ read_ellipseobject(void) - /* - * Sanitize line objects. Return 0 on success, -1 otherwise. - * On error, call free_linestorage(l) after sanitize_lineobject(). -+ * - * polylines: remove fill, if less than 3 points - * remove arrows, if only one point -+ * polygons: convert to polyline if less than 3 unique points - * rectangles, polygons: last point must coincide with first point - * rectangle: convert to polygon, if not 5 points - * rectangle with rounded corners: error, if not 5 points -@@ -854,6 +856,20 @@ sanitize_lineobject( - q->y = l->points->y; - } - -+ if (l->type == T_POLYGON) { -+ int npts; -+ -+ q = l->points; -+ for (npts = 1; q->next && npts < 4; q = q->next) -+ ++npts; -+ if (npts < 4 ) { -+ put_msg("A polygon with %d points at line %d - convert to a polyline.", -+ npts, line_no); -+ l->type = T_POLYLINE; -+ return 0; -+ } -+ } -+ - if (l->type == T_BOX || l->type == T_ARC_BOX || l->type == T_PIC_BOX) { - int npts = 1; - for (q = l->points; q->next; q = q->next) ---- fig2dev/tests/read.at -+++ fig2dev/tests/read.at 2020-01-21 11:29:27.367140319 +0000 -@@ -147,6 +147,17 @@ EOF - ]) - AT_CLEANUP - -+AT_SETUP([convert short polygon to polyline, ticket #56]) -+AT_KEYWORDS(read.c polygon) -+AT_CHECK([fig2dev -L ptk < -Date: Mon, 17 Feb 2020 12:18:12 +0100 -Subject: [PATCH] Amend previous commit - avoid buffer overflow - -Regards to Dr. Werner Fink, see discussion to ticket #83. ---- - fig2dev/read.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git fig2dev/read.c fig2dev/read.c -index 0bdcd3d..d1ae463 100644 ---- fig2dev/read.c -+++ fig2dev/read.c -@@ -1489,8 +1489,6 @@ read_textobject(FILE *fp, char **restrict line, size_t *line_len, int *line_no) - - len = strlen(start); - start[len++] = '\n'; /* put back the newline */ -- start[len] = '\0'; /* and terminate the string, -- in case nothing else is found */ - - /* allocate plenty of space */ - next = malloc(len + BUFSIZ); -@@ -1500,6 +1498,8 @@ read_textobject(FILE *fp, char **restrict line, size_t *line_len, int *line_no) - return NULL; - } - memcpy(next, start, len + 1); -+ next[len] = '\0'; /* terminate the initial string, -+ in case nothing else is found */ - - while ((chars = getline(line, line_len, fp)) != -1) { - ++(*line_no); --- -2.16.4 - diff --git a/d6a10d.patch b/d6a10d.patch deleted file mode 100644 index 17a2a17..0000000 --- a/d6a10d.patch +++ /dev/null @@ -1,40 +0,0 @@ -From d6a10d168469ed9c4d681ebdc577ea0f65de1501 Mon Sep 17 00:00:00 2001 -From: Thomas Loimer -Date: Sun, 26 Jan 2020 22:13:26 +0100 -Subject: [PATCH] Fix ticket #60. The previous commit fixed also #65, #68, #71, - #73, #75 - ---- - CHANGES | 3 ++- - fig2dev/read.c | 1 + - 2 files changed, 3 insertions(+), 1 deletion(-) - -|diff --git CHANGES CHANGES -|index f1bbbc3..4834e50 100644 -|--- CHANGES -|+++ CHANGES -|@@ -7,7 +7,8 @@ Patchlevel Xx (Xxx 20xx) -| BUGS FIXED: -| Ticket numbers refer to https://sourceforge.net/p/mcj/tickets/#. -| o Fix ticket #81. -|- o Do not allow ASCII NUL anywhere in input. Fixes ticket #80. -|+ o Do not allow ASCII NUL anywhere in input. -|+ Fixes tickets #65, #68, #71, #73, #75, #80. -| o Use getline() to improve input scanning. -| Fixes tickets #58, #59, #61, #62, #67, #78, #79. -| o Correctly scan embedded pdfs for /MediaBox value. -diff --git fig2dev/read.c fig2dev/read.c -index 86cee71..797030c 100644 ---- fig2dev/read.c -+++ fig2dev/read.c -@@ -1322,6 +1322,7 @@ read_splineobject(FILE *fp, char **restrict line, size_t *line_len, - } - q->x = x; - q->y = y; -+ q->next = NULL; - p->next = q; - p = q; - ++c; --- -2.16.4 - diff --git a/d70e4b.patch b/d70e4b.patch deleted file mode 100644 index 4afd3c6..0000000 --- a/d70e4b.patch +++ /dev/null @@ -1,129 +0,0 @@ -From d70e4ba6308046f71cb51f67db8412155af52411 Mon Sep 17 00:00:00 2001 -From: Thomas Loimer -Date: Sun, 26 Jan 2020 13:16:52 +0100 -Subject: [PATCH] Reject ASCII NUL anywhere in the input - -The input is read in line by line, stored in a buffer and processed further -with sscanf(). Embedded NUL characters ('\0') would already disturb sscanf(), -and nowhere does the code expect NUL characters. Therefore, detect NUL while -reading the input, and exit with an error message when NUL is found anywere. -Fixes ticket #80. ---- - CHANGES | 4 ++++ - fig2dev/read.c | 21 +++++++++++++++++++-- - fig2dev/tests/data/text_w_ascii0.fig | Bin 0 -> 321 bytes - fig2dev/tests/read.at | 6 ++++++ - 4 files changed, 29 insertions(+), 2 deletions(-) - create mode 100644 fig2dev/tests/data/text_w_ascii0.fig - -|diff --git CHANGES CHANGES -|index 4a414fa..f1bbbc3 100644 -|--- CHANGES -|+++ CHANGES -|@@ -6,6 +6,10 @@ Patchlevel Xx (Xxx 20xx) -| -| BUGS FIXED: -| Ticket numbers refer to https://sourceforge.net/p/mcj/tickets/#. -|+ o Fix ticket #81. -|+ o Do not allow ASCII NUL anywhere in input. Fixes ticket #80. -|+ o Use getline() to improve input scanning. -|+ Fixes tickets #58, #59, #61, #62, #67, #78, #79. -| o Correctly scan embedded pdfs for /MediaBox value. -| o Convert polygons having too few points to polylines. Ticket #56. -| o Reject huge arrow types causing integer overflow. Ticket #57. -diff --git fig2dev/read.c fig2dev/read.c -index e85ee10..86cee71 100644 ---- fig2dev/read.c -+++ fig2dev/read.c -@@ -178,8 +178,14 @@ read_objects(FILE *fp, F_compound *obj) - put_msg("Could not read input file."); - return -1; - } -- /* seek to the end of the first line */ -- if (strchr(buf, '\n') == NULL) { -+ -+ /* check for embedded '\0' */ -+ if (strlen(buf) < sizeof buf - 1 && buf[strlen(buf) - 1] != '\n') { -+ put_msg("ASCII NUL ('\\0') character within the first line."); -+ exit(EXIT_FAILURE); -+ /* seek to the end of the first line -+ (the only place, where '\0's are tolerated) */ -+ } else if (buf[strlen(buf) - 1] != '\n') { - int c; - do - c = fgetc(fp); -@@ -1398,6 +1404,15 @@ read_splineobject(FILE *fp, char **restrict line, size_t *line_len, - return s; - } - -+static void -+exit_on_ascii_NUL(const char *restrict line, size_t chars, int line_no) -+{ -+ if (strlen(line) < (size_t)chars) { -+ put_msg("ASCII NUL ('\\0') in line %d.", line_no); -+ exit(EXIT_FAILURE); -+ } -+} -+ - static char * - find_end(const char *str, int v30flag) - { -@@ -1469,6 +1484,7 @@ read_textobject(FILE *fp, char **restrict line, size_t *line_len, int *line_no) - - while ((chars = getline(line, line_len, fp)) != -1) { - ++(*line_no); -+ exit_on_ascii_NUL(*line, chars, *line_no); - end = find_end(*line, v30_flag); - if (end) { - *end = '\0'; -@@ -1640,6 +1656,7 @@ get_line(FILE *fp, char **restrict line, size_t *line_len, int *line_no) - if (**line == '\n' || (**line == '\r' && - chars == 2 && (*line)[1] == '\n')) - continue; -+ exit_on_ascii_NUL(*line, chars, *line_no); - /* remove newline and possibly a carriage return */ - if ((*line)[chars-1] == '\n') { - chars -= (*line)[chars - 2] == '\r' ? 2 : 1; -|diff --git fig2dev/tests/data/text_w_ascii0.fig fig2dev/tests/data/text_w_ascii0.fig -|new file mode 100644 -|index 0000000000000000000000000000000000000000..fb15b306b26a42446b809d0caf77efcfc73c588a -|GIT binary patch -|literal 321 -|zcmV-H0lxktMoC8?GcGa;Okr+hb7Ns}WeP)OZggdG3Q2BbXk~K>Ol5R*WpWBJFfcAK -|zFbY#?Zf9&|3N11UF)}bPATkOxATS^>ATl5@ATl)|F*Y+GGch1HATS^xFd!{4ATb~? -|zATkOdFeV^0ATcs9AT=O)Tp%DYATS^>US3{aUP@kGUS3`R!hplS!@pi$US3{aUS3{a -|zUS3{aUS3{aUS3{aG&LYaTrf#7d0a3sF$yCzATS^>AT=-`EioW1F(5HAATTa4ATS^? -|zH83DFFf|}BATS_7ZXjWEV`*t1dS!BNASYa0Fee~rWpZU8Ej|D)E-qniWFT{IZDk;B -|zZ*pZIbY*ySAZBlDY;SjIZf7hYcWHEJAYmY5WpZ?3X>K54ZEtmMbRchLAZ=-GX>E0F -|TAY*7@a$#e1WpZ;|FfcI+7J*tc -| -|literal 0 -|KcmV+b0RR6000031 -| -|diff --git fig2dev/tests/read.at fig2dev/tests/read.at -|index 331afb5..60982b0 100644 -|--- fig2dev/tests/read.at -|+++ fig2dev/tests/read.at -|@@ -407,6 +407,7 @@ EOF -| AT_CLEANUP -| -| AT_SETUP([allow tex font -1, ticket #81]) -|+AT_KEYWORDS([pict2e tikz]) -| AT_DATA([text.fig], [FIG_FILE_TOP -| 4 0 0 50 -1 -1 12 0.0 0 150 405 0 0 Text\001 -| ]) -|@@ -416,6 +417,11 @@ AT_CHECK([fig2dev -L tikz text.fig -| ], 0, ignore) -| AT_CLEANUP -| -|+AT_SETUP([reject ASCII NUL ('\0') in input, ticket #80]) -|+AT_KEYWORDS([read.c svg]) -|+AT_CHECK([fig2dev -L svg $srcdir/data/text_w_ascii0.fig], 1, ignore, ignore) -|+AT_CLEANUP -|+ -| AT_BANNER([Dynamically allocate picture file name.]) -| -| AT_SETUP([prepend fig file path to picture file name]) --- -2.16.4 - diff --git a/e3cee2.patch b/e3cee2.patch deleted file mode 100644 index c3f8a25..0000000 --- a/e3cee2.patch +++ /dev/null @@ -1,33 +0,0 @@ -From e3cee2576438f47a3b8678c6960472e625f8f7d7 Mon Sep 17 00:00:00 2001 -From: Thomas Loimer -Date: Mon, 27 Jan 2020 22:14:29 +0100 -Subject: [PATCH] Keep coordinates of spline controls within sane range - -This fixes the fundamental issue of ticket #65. ---- - fig2dev/read.c | 9 +++++++++ - 1 file changed, 9 insertions(+) - -diff --git fig2dev/read.c fig2dev/read.c -index 797030c..255586a 100644 ---- fig2dev/read.c -+++ fig2dev/read.c -@@ -1393,6 +1393,15 @@ read_splineobject(FILE *fp, char **restrict line, size_t *line_len, - free_splinestorage(s); - return NULL; - } -+ if (lx < INT_MIN || lx > INT_MAX || ly < INT_MIN || ly > INT_MAX || -+ rx < INT_MIN || rx > INT_MAX || ry < INT_MIN || ry > INT_MAX) { -+ /* do not care to clean up, we exit anyway -+ cp->next = NULL; -+ free_splinestorage(s); */ -+ put_msg("Spline control points out of range at line %d.", -+ *line_no); -+ exit(EXIT_FAILURE); -+ } - cq->lx = lx; cq->ly = ly; - cq->rx = rx; cq->ry = ry; - cp->next = cq; --- -2.16.4 - diff --git a/fig2dev-3.2.6-fig2mpdf.patch b/fig2dev-3.2.6-fig2mpdf.patch index cb556ed..a302a68 100644 --- a/fig2dev-3.2.6-fig2mpdf.patch +++ b/fig2dev-3.2.6-fig2mpdf.patch @@ -1,8 +1,3 @@ -Author: Michael Pfeiffer -Description: creating multilayered or singlelayer PDF or EPS figures for - including into LaTeX documents. -Origin: http://p3f.gmxhome.de/fig2mpdf/fig2mpdf.html - --- fig2dev/dev/genpstex.c | 331 ++++++++++++++++++++++++ fig2dev/drivers.h | 4 @@ -13,22 +8,23 @@ Origin: http://p3f.gmxhome.de/fig2mpdf/fig2mpdf.html man/fig2dev.1.in | 69 +++++ 7 files changed, 1311 insertions(+), 2 deletions(-) ---- a/fig2dev-3.2.7b/fig2dev/dev/genpstex.c -+++ b/fig2dev-3.2.7b/fig2dev/dev/genpstex.c -@@ -48,9 +48,12 @@ +diff --git a/fig2dev/dev/genpstex.c b/fig2dev/dev/genpstex.c +--- a/fig2dev/dev/genpstex.c ++++ b/fig2dev/dev/genpstex.c +@@ -47,9 +47,12 @@ + #include #include - #include #include +#include #include "fig2dev.h" - #include "object.h" /* does #include */ + #include "object.h" +#include "texfonts.h" +#include "setfigfont.h" extern double rad2deg; -@@ -79,6 +82,308 @@ extern void genps_grid(float major, floa +@@ -78,6 +81,308 @@ extern void genps_grid(float major, floa static char pstex_file[1000] = ""; @@ -337,7 +333,7 @@ Origin: http://p3f.gmxhome.de/fig2mpdf/fig2mpdf.html void genpstex_t_option(char opt, char *optarg) { -@@ -128,6 +433,32 @@ genpstex_option(char opt, char *optarg) +@@ -127,6 +432,32 @@ genpstex_option(char opt, char *optarg) genlatex_option(opt, optarg); } @@ -370,8 +366,9 @@ Origin: http://p3f.gmxhome.de/fig2mpdf/fig2mpdf.html struct driver dev_pstex_t = { genpstex_t_option, genpstex_t_start, ---- a/fig2dev-3.2.7b/fig2dev/drivers.h -+++ b/fig2dev-3.2.7b/fig2dev/drivers.h +diff --git a/fig2dev/drivers.h b/fig2dev/drivers.h +--- a/fig2dev/drivers.h ++++ b/fig2dev/drivers.h @@ -36,8 +36,10 @@ extern struct driver dev_eps; extern struct driver dev_pdf; extern struct driver dev_pdftex; @@ -399,9 +396,10 @@ Origin: http://p3f.gmxhome.de/fig2mpdf/fig2mpdf.html {"pstricks", &dev_pstricks}, {"ptk", &dev_ptk}, {"shape", &dev_shape}, ---- a/fig2dev-3.2.7b/fig2dev/fig2dev.c -+++ b/fig2dev-3.2.7b/fig2dev/fig2dev.c -@@ -821,6 +821,23 @@ help_msg(void) +diff --git a/fig2dev/fig2dev.c b/fig2dev/fig2dev.c +--- a/fig2dev/fig2dev.c ++++ b/fig2dev/fig2dev.c +@@ -826,6 +826,23 @@ help_msg(void) ); } @@ -425,7 +423,7 @@ Origin: http://p3f.gmxhome.de/fig2mpdf/fig2mpdf.html if (dev == NULL || !strcmp(lang, "shape")) { puts( "SHAPE (ShapePar driver) Options:\n" -@@ -968,6 +985,12 @@ static int compound_dump(F_compound *com +@@ -973,6 +990,12 @@ static int compound_dump(F_compound *com static int rec_comp(struct obj_rec *r1, struct obj_rec *r2) { @@ -438,8 +436,9 @@ Origin: http://p3f.gmxhome.de/fig2mpdf/fig2mpdf.html return (r2->depth - r1->depth); } ---- a/fig2dev-3.2.7b/fig2mpdf/copyright.txt -+++ b/fig2dev-3.2.7b/fig2mpdf/copyright.txt +diff --git a/fig2mpdf/copyright.txt b/fig2mpdf/copyright.txt +--- a/fig2mpdf/copyright.txt ++++ b/fig2mpdf/copyright.txt @@ -0,0 +1,25 @@ +The following files contain copyright and license info for +the code they contain: @@ -466,8 +465,9 @@ Origin: http://p3f.gmxhome.de/fig2mpdf/fig2mpdf.html + + (Author's note: the license is in the file gpl.txt, which is included + in the archive.) ---- a/fig2dev-3.2.7b/fig2mpdf/fig2mpdf.1 -+++ b/fig2dev-3.2.7b/fig2mpdf/fig2mpdf.1 +diff --git a/fig2mpdf/fig2mpdf.1 b/fig2mpdf/fig2mpdf.1 +--- a/fig2mpdf/fig2mpdf.1 ++++ b/fig2mpdf/fig2mpdf.1 @@ -0,0 +1,208 @@ +.TH fig2mpdf 1 "Jun 2006" "" "Including xfig figures into LaTeX documents" +.SH NAME @@ -677,8 +677,9 @@ Origin: http://p3f.gmxhome.de/fig2mpdf/fig2mpdf.html +.IR pdflatex(1) +.IR latex(1) +.IR dvips(1) ---- a/fig2dev-3.2.7b/fig2mpdf/fig2mpdf -+++ b/fig2dev-3.2.7b/fig2mpdf/fig2mpdf +diff --git a/fig2mpdf/fig2mpdf b/fig2mpdf/fig2mpdf +--- a/fig2mpdf/fig2mpdf ++++ b/fig2mpdf/fig2mpdf @@ -0,0 +1,653 @@ +#!/bin/sh + @@ -1333,8 +1334,9 @@ Origin: http://p3f.gmxhome.de/fig2mpdf/fig2mpdf.html +} +' -- $* + ---- a/fig2dev-3.2.7b/man/fig2dev.1.in -+++ b/fig2dev-3.2.7b/man/fig2dev.1.in +diff --git a/man/fig2dev.1.in b/man/fig2dev.1.in +--- a/man/fig2dev.1.in ++++ b/man/fig2dev.1.in @@ -64,8 +64,8 @@ Set the output graphics language. Valid languages are \fBbox, cgm, dxf, epic, eepic, eepicemu, emf, eps, gbx (Gerber beta diff --git a/fig2dev-3.2.6a-RGBFILE.patch b/fig2dev-3.2.6a-RGBFILE.patch index 3dbfc03..b0f7ec9 100644 --- a/fig2dev-3.2.6a-RGBFILE.patch +++ b/fig2dev-3.2.6a-RGBFILE.patch @@ -9,7 +9,7 @@ Subject: rgb.txt can not be located via FIG2DEV_RGBFILE environment variable. --- a/fig2dev/colors.c +++ b/fig2dev/colors.c 2019-10-29 11:03:32.206632962 +0000 -@@ -731,8 +731,13 @@ read_colordb(void) +@@ -730,8 +730,13 @@ read_colordb(void) FILE *fp; #define MAX_LINE 100 char s[MAX_LINE], s1[MAX_LINE]; diff --git a/fig2dev-3.2.7b.tar.xz b/fig2dev-3.2.7b.tar.xz deleted file mode 100644 index f628acf..0000000 --- a/fig2dev-3.2.7b.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:47dc1b4420a1bc503b3771993e19cdaf75120d38be6548709f7d84f7b07d68b2 -size 512224 diff --git a/fig2dev-3.2.8.tar.xz b/fig2dev-3.2.8.tar.xz new file mode 100644 index 0000000..077e82d --- /dev/null +++ b/fig2dev-3.2.8.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:931258ae43950d0931ddcea13ce6554d2cd7fc3c93585aebf74e393bb14fe27d +size 518984 diff --git a/transfig-3.2.6.dif b/transfig-3.2.6.dif deleted file mode 100644 index 5fdce95..0000000 --- a/transfig-3.2.6.dif +++ /dev/null @@ -1,171 +0,0 @@ ---- - fig2dev/dev/genps.c | 29 ++++++++++++++++++++++++----- - fig2dev/dev/genpstex.c | 8 ++++++-- - fig2dev/fig2ps2tex.csh | 2 +- - fig2dev/getopt.c | 9 +++++++++ - transfig/transfig.c | 2 ++ - 5 files changed, 42 insertions(+), 8 deletions(-) - ---- fig2dev/dev/genps.c -+++ fig2dev/dev/genps.c 2018-05-07 08:16:40.161130640 +0000 -@@ -59,6 +59,7 @@ - #include - #endif - #include -+#include - #include "pi.h" - - #include "fig2dev.h" /* includes "bool.h" */ -@@ -844,8 +845,9 @@ genps_start(F_compound *objects) - fprintf(tfp, "%s\n", SPLINE_PS); - #ifdef I18N - if (support_i18n && iso_text_exist(objects)) { -- char *libdir, *locale; -+ char *libdir, *locale, *codeset; - char localefile[512], str[512]; -+ size_t llen; - FILE *fp; - libdir = getenv("FIG2DEV_LIBDIR"); - #ifdef I18N_DATADIR -@@ -853,18 +855,35 @@ genps_start(F_compound *objects) - libdir = I18N_DATADIR; - #endif - locale = setlocale(LC_CTYPE, NULL); -+ llen = strcspn(locale, ".@"); -+ codeset = nl_langinfo(CODESET); - if (locale == NULL) { - fprintf(stderr, - "fig2dev: LANG not defined; assuming C locale\n"); - locale = "C"; - } -- sprintf(localefile, "%s/%s.ps", libdir, locale); -+ snprintf(localefile, sizeof(localefile)-1, "%s/%s.ps", libdir, locale); - /* get filename like ``/usr/local/lib/fig2dev/japanese.ps'' */ - fp = fopen(localefile, "rb"); - if (fp == NULL) { -- fprintf(stderr, "fig2dev: can not open file: %s\n", -- localefile); -- } else { -+ fprintf(stderr, "fig2dev: can not open file: %s\n", localefile); -+ } -+ if (fp == NULL && strlen(locale) != llen) { -+ locale[llen] = '\0'; -+ /* get filename like ``/usr/local/lib/fig2dev/de_DE.ps'' */ -+ snprintf(localefile, sizeof(localefile)-1, "%s/%s.ps", libdir, locale); -+ fp = fopen(localefile, "rb"); -+ if (fp == NULL) -+ fprintf(stderr, "fig2dev: B can't open file: %s\n", localefile); -+ } -+ if (fp == NULL && codeset) { -+ /* get filename like ``/usr/local/lib/fig2dev/ISO-8859-9.ps'' */ -+ snprintf(localefile, sizeof(localefile)-1, "%s/%s.ps", libdir, codeset); -+ fp = fopen(localefile, "rb"); -+ if (fp == NULL) -+ fprintf(stderr, "fig2dev: C can't open file: %s\n", localefile); -+ } -+ if (fp) { - while (fgets(str, sizeof(str), fp)) { - if (strstr(str, "CompositeRoman")) - enable_composite_font = true; ---- fig2dev/dev/genpstex.c -+++ fig2dev/dev/genpstex.c 2018-05-07 08:10:27.872048970 +0000 -@@ -47,6 +47,7 @@ - #include - #include - #include -+#include - - #include "fig2dev.h" - #include "object.h" /* does #include */ -@@ -63,10 +64,13 @@ extern void - genps_spline(F_spline *s), - genlatex_option(char opt, char *optarg), - genlatex_text(F_text *t), -- genps_text(F_text *t); -+ genps_text(F_text *t), -+ genpdf_option(char opt, char *optarg), -+ genpdf_start(F_compound *objects); - extern int - genlatex_end(void), -- genps_end(void); -+ genps_end(void), -+ genpdf_end(void); - - extern void genpdf_option(char opt, char *optarg); /* genpdf.c */ - extern void genpdf_start(F_compound *objects); /* genpdf.c */ ---- fig2dev/fig2ps2tex.csh -+++ fig2dev/fig2ps2tex.csh 2018-05-07 08:11:38.206742453 +0000 -@@ -22,7 +22,7 @@ - # 2016-07-07 Thomas Loimer - # * use here-document, instead of echo - # -- -+set echo_style = bsd - set bbox = `grep "^%%BoundingBox:" $1` - - set xsp = `echo "3k $bbox[4] $bbox[2] - 72 / p" | dc` ---- fig2dev/getopt.c -+++ fig2dev/getopt.c 2018-05-07 08:13:44.400397232 +0000 -@@ -48,6 +48,7 @@ static char sccsfid[] = "@(#) getopt.c 5 - #define EMSG "" - #define ENDARGS "--" - -+#ifndef __GLIBC__ - /* - * get option letter from argument vector - */ -@@ -94,3 +95,11 @@ fig_getopt(int nargc, char **nargv, char - } - return optc; /* dump back option letter */ - } -+#else -+#include -+int -+fig_getopt(int nargc, char * const nargv[], const char *ostr) -+{ -+ return getopt(nargc, nargv, ostr); -+} -+#endif ---- transfig/transfig.c -+++ transfig/transfig.c 2018-05-07 08:01:42.105796359 +0000 -@@ -26,6 +26,8 @@ - - #include - #include -+#include -+#include - #include "transfig.h" - - extern void sysmv(char *file); /* sys.c */ ---- configure -+++ configure 2020-01-24 13:08:02.103408590 +0000 -@@ -4122,7 +4122,7 @@ main () - - int dynamic_array[ni.number]; - dynamic_array[ni.number - 1] = 543; -- -+ free(ia); - // work around unused variable warnings - return (!success || bignum == 0LL || ubignum == 0uLL || newvar[0] == 'x' - || dynamic_array[ni.number - 1] != 543); -@@ -6377,8 +6377,8 @@ char *malloc (); - int - main () - { --return ! malloc (0); -- ; -+void *tmp = malloc (0); -+if (tmp) free (tmp); return !tmp; - return 0; - } - _ACEOF -@@ -6444,7 +6444,8 @@ char *realloc (); - int - main () - { --return ! realloc (0, 0); -+void *tmp = realloc (0, 0); -+if (tmp) free (tmp); return !tmp; - ; - return 0; - } diff --git a/transfig-3.2.8.dif b/transfig-3.2.8.dif new file mode 100644 index 0000000..fae4f7e --- /dev/null +++ b/transfig-3.2.8.dif @@ -0,0 +1,163 @@ +--- + configure | 2 +- + fig2dev/dev/genps.c | 32 ++++++++++++++++++++++---------- + fig2dev/dev/genpstex.c | 8 ++++++-- + fig2dev/fig2ps2tex.csh | 2 +- + fig2dev/lib/getopt.c | 9 +++++++++ + transfig/transfig.c | 2 ++ + 6 files changed, 41 insertions(+), 14 deletions(-) + +--- configure ++++ configure 2021-02-12 08:54:37.958704809 +0000 +@@ -4015,7 +4015,7 @@ main () + + int dynamic_array[ni.number]; + dynamic_array[ni.number - 1] = 543; +- ++ free(ia); + // work around unused variable warnings + return (!success || bignum == 0LL || ubignum == 0uLL || newvar[0] == 'x' + || dynamic_array[ni.number - 1] != 543); +--- fig2dev/dev/genps.c ++++ fig2dev/dev/genps.c 2021-02-12 09:13:56.896176342 +0000 +@@ -56,6 +56,7 @@ + #include + #endif + #include ++#include + + #include "fig2dev.h" /* includes bool.h and object.h */ + //#include "object.h" /* NUMSHADES, NUMTINTS */ +@@ -958,9 +959,10 @@ genps_start(F_compound *objects) + fprintf(tfp, "%s\n", SPLINE_PS); + #ifdef I18N + if (support_i18n && iso_text_exist(objects)) { +- char *libdir, *locale; +- char localefile_buf[128]; +- char *localefile = localefile_buf; ++ char *libdir, *locale, *codeset; ++ char *localefile = NULL; ++ size_t llen; ++ int ret; + FILE *fp; + libdir = getenv("FIG2DEV_LIBDIR"); + #ifdef I18N_DATADIR +@@ -968,19 +970,30 @@ genps_start(F_compound *objects) + libdir = I18N_DATADIR; + #endif + locale = setlocale(LC_CTYPE, NULL); ++ llen = strcspn(locale, ".@"); ++ codeset = nl_langinfo(CODESET); + if (locale == NULL) { + fprintf(stderr, + "fig2dev: LANG not defined; assuming C locale\n"); + locale = "C"; + } +- if (strlen(libdir) + strlen(locale) + 5 > sizeof localefile_buf) +- localefile = malloc(strlen(libdir) + strlen(locale) + 5); +- if (localefile != NULL) { +- sprintf(localefile, "%s/%s.ps", libdir, locale); ++ retry: ++ ret = asprintf(&localefile, "%s/%s.ps", libdir, locale); ++ if (ret > 0) { + /* get filename like + ``/usr/local/lib/fig2dev/japanese.ps'' */ + fp = fopen(localefile, "rb"); + if (fp == NULL) { ++ if (strlen(locale) != llen) { ++ free(localefile); ++ locale[llen] = '\0'; ++ goto retry; ++ } ++ if (codeset && locale != codeset) { ++ free(localefile); ++ locale = codeset; ++ goto retry; ++ } + fprintf(stderr, "fig2dev: can not open file: %s\n", + localefile); + } else { +@@ -998,11 +1011,10 @@ genps_start(F_compound *objects) + "The output might be broken.\n", + localefile); + } +- fclose(fp); ++ fclose(fp); + } +- } +- if (localefile != localefile_buf) + free(localefile); ++ } + } + #endif /* I18N */ + +--- fig2dev/dev/genpstex.c ++++ fig2dev/dev/genpstex.c 2021-02-12 09:17:16.360300734 +0000 +@@ -46,6 +46,7 @@ + + #include + #include ++#include + + #include "fig2dev.h" + #include "object.h" +@@ -62,10 +63,13 @@ extern void + genps_spline(F_spline *s), + genlatex_option(char opt, char *optarg), + genlatex_text(F_text *t), +- genps_text(F_text *t); ++ genps_text(F_text *t), ++ genpdf_option(char opt, char *optarg), ++ genpdf_start(F_compound *objects); + extern int + genlatex_end(void), +- genps_end(void); ++ genps_end(void), ++ genpdf_end(void); + + extern void genpdf_option(char opt, char *optarg); /* genpdf.c */ + extern void genpdf_start(F_compound *objects); /* genpdf.c */ +--- fig2dev/fig2ps2tex.csh ++++ fig2dev/fig2ps2tex.csh 2021-02-12 08:54:37.954704887 +0000 +@@ -22,7 +22,7 @@ + # 2016-07-07 Thomas Loimer + # * use here-document, instead of echo + # +- ++set echo_style = bsd + set bbox = `grep "^%%BoundingBox:" $1` + + set xsp = `echo "3k $bbox[4] $bbox[2] - 72 / p" | dc` +--- fig2dev/lib/getopt.c ++++ fig2dev/lib/getopt.c 2021-02-12 08:54:37.954704887 +0000 +@@ -42,6 +42,7 @@ + #define EMSG "" + #define ENDARGS "--" + ++#ifndef __GLIBC__ + /* + * get option letter from argument vector + */ +@@ -88,3 +89,11 @@ getopt(int nargc, char **nargv, const ch + } + return optc; /* dump back option letter */ + } ++#else ++#include ++int ++fig_getopt(int nargc, char * const nargv[], const char *ostr) ++{ ++ return getopt(nargc, nargv, ostr); ++} ++#endif +--- transfig/transfig.c ++++ transfig/transfig.c 2021-02-12 08:54:37.954704887 +0000 +@@ -26,6 +26,8 @@ + + #include + #include ++#include ++#include + #include "transfig.h" + + extern void sysmv(char *file); /* sys.c */ diff --git a/transfig-fix-afl.patch b/transfig-fix-afl.patch index fb85133..0f01fbd 100644 --- a/transfig-fix-afl.patch +++ b/transfig-fix-afl.patch @@ -1,10 +1,10 @@ --- - fig2dev-3.2.7b/fig2dev/alloc.h | 20 ++++++++++---------- + fig2dev-3.2.8/fig2dev/alloc.h | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) ---- fig2dev-3.2.7b/fig2dev/alloc.h -+++ fig2dev-3.2.7b/fig2dev/alloc.h 2019-10-29 10:49:00.939061663 +0000 -@@ -19,16 +19,16 @@ +--- fig2dev-3.2.8/fig2dev/alloc.h ++++ fig2dev-3.2.8/fig2dev/alloc.h 2021-02-12 09:43:47.313357380 +0000 +@@ -19,15 +19,15 @@ #ifndef ALLOC_H #define ALLOC_H @@ -29,5 +29,4 @@ +#define Control_malloc(z) z = calloc(CONTROL_SIZE,1) +#define Arrow_malloc(z) z = calloc(ARROW_SIZE,1) - extern char Err_mem[]; - + #endif /* ALLOC_H */ diff --git a/transfig.3.2.5-binderman.dif b/transfig.3.2.5-binderman.dif deleted file mode 100644 index 2a1261c..0000000 --- a/transfig.3.2.5-binderman.dif +++ /dev/null @@ -1,14 +0,0 @@ ---- - transfig/sys.c | 1 + - 1 file changed, 1 insertion(+) - ---- transfig/sys.c -+++ transfig/sys.c 2016-09-22 13:02:49.040774112 +0000 -@@ -39,6 +39,7 @@ sysls(void) - i += 1; - c = fgetc(ls); - } -+ pclose(ls); - sysbuf[i] = '\0'; - return sysbuf; - } diff --git a/transfig.3.2.5d-mediaboxrealnb.dif b/transfig.3.2.5d-mediaboxrealnb.dif deleted file mode 100644 index 739c069..0000000 --- a/transfig.3.2.5d-mediaboxrealnb.dif +++ /dev/null @@ -1,32 +0,0 @@ ---- - fig2dev/dev/readeps.c | 10 ++++++++-- - 1 file changed, 8 insertions(+), 2 deletions(-) - ---- fig2dev/dev/readeps.c -+++ fig2dev/dev/readeps.c 2018-05-07 08:45:37.772825723 +0000 -@@ -83,9 +83,11 @@ read_eps_pdf(FILE *file, int filetype, F - while (fgets(buf, BUFSIZ, file) != NULL) { - /* look for /MediaBox for pdf file */ - if (pdf_flag) { -+ char *s; -+ for(s=buf; (s=strchr(s,'/')); s++) { - if (!strncmp(buf, "/MediaBox", 9)) { /* look for the MediaBox spec */ -- c = strchr(buf, '[') + 1; -- if (c && sscanf(c, "%d %d %d %d", llx, lly, &urx, &ury) < 4) -+ c = strchr(s, '['); -+ if (c && sscanf(c+1, "%d %d %d %d", llx, lly, &urx, &ury) < 4) - { - *llx = *lly = 0; - urx = paperdef[0].width*72; -@@ -93,7 +95,11 @@ read_eps_pdf(FILE *file, int filetype, F - put_msg("Bad MediaBox in imported PDF file %s, assuming %s size", - pic->file, metric? "A4" : "Letter" ); - } -+ pic->bit_size.x = (urx-(*llx)); -+ pic->bit_size.y = (ury-(*lly)); -+ break; - } -+ } - /* look for bounding box for EPS file */ - } else if (!nested && !strncmp(buf, "%%BoundingBox:", 14)) { - c = buf + 14; diff --git a/transfig.changes b/transfig.changes index a2141c8..7b443f1 100644 --- a/transfig.changes +++ b/transfig.changes @@ -1,3 +1,61 @@ +------------------------------------------------------------------- +Fri Feb 12 09:50:30 UTC 2021 - Dr. Werner Fink + +- Update to fig2dev version 3.2.8 (Patchlevel 8 (Dec 2020) + o Use deflate to embed image data into eps output, often substantially + reducing file size. + o Embed pdf files into ps output by converting the pdf to eps. + o Allow negative arrow widths. This might be useful for asymmetric arrow + tips, which can thus be mirrored around the corresponding line. + Ticket numbers refer to https://sourceforge.net/p/mcj/tickets/#. + o Reject negative text font sizes. Fixes ticket #86. + o Allow fig files ending without previous eol character. Fixes #83, #84. + o Accept text and ellipse angles only within -2*pi to 2*pi. Fixes #76. + o Allow -1 as default TeX font, not only 0. Fixes #71, #75, #81. + o Do not allow ASCII NUL anywhere in input. Fixes #65, #68, #73, #80. + o Use getline() to improve input scanning. + Fixes tickets #58, #59, #61, #62, #67, #78, #79, #82. + o Correctly scan embedded pdfs for /MediaBox value. + o Convert polygons having too few points to polylines. Ticket #56. + o Reject huge arrow types causing integer overflow. Ticket #57. + o Allow Fig v2 text strings ending with multiple ^A. Ticket #55. + o Embed images in pdfs with their original compression type, i.e., leave + the gs switch "-dAutoFilterColorImages" at its default value "true". +- This update includes the fixes for + bsc#1159293 - CVE-2019-19797: transfig,xfig: out-of-bounds write in + read_colordef in read.c + bsc#1161698 - CVE-2019-19555: transfig,xfig: stack-based buffer + overflow because of an incorrect sscanf + bsc#1159130 - CVE-2019-19746: transfig,xfig: segmentation fault and + out-of-bounds write because of an integer overflow via + a large arrow type + and many more +- Port and rename patch transfig-3.2.6.dif which is now transfig-3.2.8.dif +- Remove patches now obsolete + * 00cded.patch + * 100e27.patch + * 2f8d1a.patch + * 3065eb.patch + * 3165d8.patch + * 421afa.patch + * 4d4e1f.patch + * 639c36.patch + * CVE-2019-19555.patch + * CVE-2019-19746.patch + * CVE-2019-19797.patch + * acccc8.patch + * c379fe.patch + * ca48cc.patch + * d6a10d.patch + * d70e4b.patch + * e3cee2.patch + * transfig.3.2.5-binderman.dif + * transfig.3.2.5d-mediaboxrealnb.dif +- Port patches + * fig2dev-3.2.6-fig2mpdf.patch + * fig2dev-3.2.6a-RGBFILE.patch + + ------------------------------------------------------------------- Wed Sep 30 10:48:31 UTC 2020 - Dr. Werner Fink diff --git a/transfig.spec b/transfig.spec index 9abc300..54b9a22 100644 --- a/transfig.spec +++ b/transfig.spec @@ -1,7 +1,7 @@ # # spec file for package transfig # -# Copyright (c) 2020 SUSE LLC +# Copyright (c) 2021 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -45,34 +45,15 @@ Requires: ghostscript-fonts-std Requires: ghostscript-library Requires: netpbm Requires: texlive-epstopdf -Version: 3.2.7b +Version: 3.2.8 Release: 0 Summary: Graphic Converter #Source: http://sourceforge.net/projects/mcj/files/fig2dev-%{version}.tar.xz/download#/fig2dev-%{version}.tar.xz License: MIT Group: Productivity/Graphics/Convertors Source: fig2dev-%{version}.tar.xz -Patch0: transfig-3.2.6.dif -Patch1: CVE-2019-19555.patch -Patch2: transfig.3.2.5-binderman.dif -Patch3: transfig.3.2.5d-mediaboxrealnb.dif +Patch0: transfig-3.2.8.dif Patch4: transfig-fix-afl.patch -Patch5: CVE-2019-19746.patch -Patch6: c379fe.patch -Patch7: CVE-2019-19797.patch -Patch8: 00cded.patch -Patch9: d70e4b.patch -Patch10: d6a10d.patch -Patch11: acccc8.patch -Patch12: e3cee2.patch -Patch13: 421afa.patch -Patch14: 2f8d1a.patch -Patch15: 4d4e1f.patch -Patch16: 3165d8.patch -Patch17: 639c36.patch -Patch18: 100e27.patch -Patch19: 3065eb.patch -Patch20: ca48cc.patch Patch43: fig2dev-3.2.6-fig2mpdf.patch Patch44: fig2dev-3.2.6-fig2mpdf-doc.patch Patch45: fig2dev-3.2.6a-RGBFILE.patch @@ -113,27 +94,8 @@ Authors: %setup -q -n fig2dev-%{version} find -type f | xargs -r chmod a-x,go-w %patch0 -p0 -b .0 -%patch1 -p0 -b .sec -%patch2 -p0 -b .bm -%patch3 -p0 -b .mbox %patch4 -p1 -b .afl -%patch5 -p0 -b .sec2 -%patch6 -p0 -b .sec3 -%patch7 -p0 -b .sec4 -%patch8 -p0 -b .sec5 -%patch9 -p0 -b .sec6 -%patch10 -p0 -b .sec7 -%patch11 -p0 -b .sec8 -%patch12 -p0 -b .sec9 -%patch13 -p0 -b .sec10 -%patch14 -p0 -b .sec11 -%patch15 -p0 -b .sec12 -%patch16 -p0 -b .sec13 -%patch17 -p0 -b .sec14 -%patch18 -p0 -b .sec15 -%patch19 -p0 -b .sec16 -%patch20 -p0 -b .sec17 -%patch43 -p2 -b .mpdf +%patch43 -p1 -b .mpdf %patch44 -p1 -b .mpdfdoc %patch45 -p1 -b .p45