Package: sfnt2woff-zopfli
Version: 1.3.1-2
Severity: normal
Tags: patch

Dear Maintainer,

  $ woff2sfnt 
//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////usr/share/fonts-font-awesome/fonts/fontawesome-webfont.woffa
  > /dev/null
  *** buffer overflow detected ***: terminated
  Aborted
  $ valgrind woff2sfnt 
//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////usr/share/fonts-font-awesome/fonts/fontawesome-webfont.woffa
  > /dev/null
  ==1115459== Memcheck, a memory error detector
  ==1115459== Copyright (C) 2002-2022, and GNU GPL'd, by Julian Seward et al.
  ==1115459== Using Valgrind-3.19.0 and LibVEX; rerun with -h for copyright info
  ==1115459== Command: woff2sfnt 
//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////usr/share/fonts-font-awesome/fonts/fontawesome-webfont.woffa
  ==1115459==
  *** buffer overflow detected ***: terminated
  ==1115459==
  ==1115459== Process terminating with default action of signal 6 (SIGABRT)
  ==1115459==    at 0x4926EEC: __pthread_kill_implementation (pthread_kill.c:44)
  ==1115459==    by 0x48D7FB1: raise (raise.c:26)
  ==1115459==    by 0x48C2471: abort (abort.c:79)
  ==1115459==    by 0x491B42E: __libc_message (libc_fatal.c:156)
  ==1115459==    by 0x49B41C1: __fortify_fail (fortify_fail.c:26)
  ==1115459==    by 0x49B2CCF: __chk_fail (chk_fail.c:28)
  ==1115459==    by 0x4914248: _IO_str_chk_overflow (iovsprintf.c:35)
  ==1115459==    by 0x491F1F0: _IO_default_xsputn (genops.c:399)
  ==1115459==    by 0x491F1F0: _IO_default_xsputn (genops.c:370)
  ==1115459==    by 0x48FA0FE: outstring_func (vfprintf-internal.c:239)
  ==1115459==    by 0x48FA0FE: __vfprintf_internal (vfprintf-process-arg.c:421)
  ==1115459==    by 0x49142F6: __vsprintf_internal (iovsprintf.c:96)
  ==1115459==    by 0x49B27EC: __sprintf_chk (sprintf_chk.c:40)
  ==1115459==    by 0x10B2B9: ??? (in /usr/bin/woff2sfnt-zopfli)
  ==1115459==
  ==1115459== HEAP SUMMARY:
  ==1115459==     in use at exit: 0 bytes in 0 blocks
  ==1115459==   total heap usage: 1 allocs, 1 frees, 472 bytes allocated
  ==1115459==
  ==1115459== All heap blocks were freed -- no leaks are possible
  ==1115459==
  ==1115459== For lists of detected and suppressed errors, rerun with: -s
  ==1115459== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
  Aborted

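sfnt2woff and woff2sfnt both carry the following readFile(); its fixed 200-byte buf overflows in sprintf() when fopen() fails on a file name longer than 179 bytes (200 minus the 20-byte "unable to open file " prefix and the terminating NUL):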
  const uint8_t *
  readFile(const char * name, uint32_t * len)
  {
    FILE * inFile = fopen(name, "rb");
    if (!inFile) {
      char buf[200];
      sprintf(buf, "unable to open file %s", name);
      die(buf);
    }

Best,

-- System Information:
Debian Release: 12.11
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 
'stable-debug'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.1.0-35-amd64 (SMP w/24 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_FIRMWARE_WORKAROUND, 
TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages sfnt2woff-zopfli depends on:
ii  libc6       2.36-9+deb12u10
ii  libzopfli1  1.0.3-1
ii  zlib1g      1:1.2.13.dfsg-1

sfnt2woff-zopfli recommends no packages.

sfnt2woff-zopfli suggests no packages.

-- no debconf information
From: =?utf-8?b?0L3QsNCx?= <[email protected]>
Date: Thu, 21 Aug 2025 20:42:02 +0200
Subject: Deduplicate die/reportErr/readFile

---
 sfnt2woff-zopfli.h | 39 +++++++++++++++++++++++++++++++++++++++
 sfnt2woff.c        | 41 +----------------------------------------
 woff2sfnt.c        | 41 +----------------------------------------
 3 files changed, 41 insertions(+), 80 deletions(-)
 create mode 100644 sfnt2woff-zopfli.h

diff --git a/sfnt2woff-zopfli.h b/sfnt2woff-zopfli.h
new file mode 100644
index 0000000..8e5ab84
--- /dev/null
+++ b/sfnt2woff-zopfli.h
@@ -0,0 +1,39 @@
+static void
+die(const char * msg)
+{
+  fprintf(stderr, "# fatal error: %s\n", msg);
+  exit(2);
+}
+
+static void
+reportErr(uint32_t status)
+{
+  woffPrintStatus(stderr, status, "### ");
+  exit(status & 0xff);
+}
+
+const uint8_t *
+readFile(const char * name, uint32_t * len)
+{
+  FILE * inFile = fopen(name, "rb");
+  if (!inFile) {
+    char buf[200];
+    sprintf(buf, "unable to open file %s", name);
+    die(buf);
+  }
+
+  if (fseek(inFile, 0, SEEK_END) != 0)
+    die("seek failure");
+  *len = ftell(inFile);
+  if (fseek(inFile, 0, SEEK_SET) != 0)
+    die("seek failure");
+
+  uint8_t * data = (uint8_t *) malloc(*len);
+  if (!data)
+    die("malloc failure");
+  if (fread(data, 1, *len, inFile) != *len)
+    die("file read failure");
+  fclose(inFile);
+
+  return data;
+}
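Review bot: In readFile, `*len = ftell(inFile);` stores the result straight into a uint32_t without checking it, so an ftell failure (-1) becomes 0xFFFFFFFF and a file larger than 4 GiB is silently truncated before the `malloc(*len)` / `fread` pair. Read it into a `long` first and reject bad sizes, e.g. `long size = ftell(inFile);` followed by `if (size < 0 || (unsigned long) size > UINT32_MAX) die("file size failure");` and `*len = (uint32_t) size;`. Since this code now lives in a header, readFile should also be `static` like die and reportErr. The file would also benefit from an include guard and its own `#include` lines for `<stdio.h>`, `<stdlib.h>` and `<stdint.h>` rather than relying on the includer's order.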
diff --git a/sfnt2woff.c b/sfnt2woff.c
index 943f2b1..83622ea 100644
--- a/sfnt2woff.c
+++ b/sfnt2woff.c
@@ -41,20 +41,7 @@
 #include <unistd.h>
 
 #include "woff.h"
-
-static void
-die(const char * msg)
-{
-  fprintf(stderr, "# fatal error: %s\n", msg);
-  exit(2);
-}
-
-static void
-reportErr(uint32_t status)
-{
-  woffPrintStatus(stderr, status, "### ");
-  exit(2);
-}
+#include "sfnt2woff-zopfli.h"
 
 static void
 usage(const char * progName)
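Review bot: Swapping the local helpers for `#include "sfnt2woff-zopfli.h"` changes sfnt2woff's exit status on a reported error: the removed reportErr here ended with `exit(2);`, while the shared one ends with `exit(status & 0xff);` (the woff2sfnt variant). A commit titled as a deduplication should either keep the old value for this tool or state the change in its description, since scripts that test for exit code 2 will see something else. If status can carry bits only above the low byte, `status & 0xff` would also make the process exit 0 after printing an error; that depends on how woff.h encodes status and should be confirmed.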
@@ -70,32 +57,6 @@ usage(const char * progName)
                   , progName);
 }
 
-const uint8_t *
-readFile(const char * name, uint32_t * len)
-{
-  FILE * inFile = fopen(name, "rb");
-  if (!inFile) {
-    char buf[200];
-    sprintf(buf, "unable to open file %s", name);
-    die(buf);
-  }
-
-  if (fseek(inFile, 0, SEEK_END) != 0)
-    die("seek failure");
-  *len = ftell(inFile);
-  if (fseek(inFile, 0, SEEK_SET) != 0)
-    die("seek failure");
-
-  uint8_t * data = (uint8_t *) malloc(*len);
-  if (!data)
-    die("malloc failure");
-  if (fread(data, 1, *len, inFile) != *len)
-    die("file read failure");
-  fclose(inFile);
-
-  return data;
-}
-
 int
 main(int argc, char * argv[])
 {
diff --git a/woff2sfnt.c b/woff2sfnt.c
index c4d39fd..948f860 100644
--- a/woff2sfnt.c
+++ b/woff2sfnt.c
@@ -44,20 +44,7 @@
 #endif
 
 #include "woff.h"
-
-static void
-die(const char * msg)
-{
-  fprintf(stderr, "# fatal error: %s\n", msg);
-  exit(2);
-}
-
-static void
-reportErr(uint32_t status)
-{
-  woffPrintStatus(stderr, status, "### ");
-  exit(status & 0xff);
-}
+#include "sfnt2woff-zopfli.h"
 
 static void
 usage(const char * progName)
@@ -73,32 +60,6 @@ usage(const char * progName)
                   , progName);
 }
 
-const uint8_t *
-readFile(const char * name, uint32_t * len)
-{
-  FILE * inFile = fopen(name, "rb");
-  if (!inFile) {
-    char buf[200];
-    sprintf(buf, "unable to open file %s", name);
-    die(buf);
-  }
-
-  if (fseek(inFile, 0, SEEK_END) != 0)
-    die("seek failure");
-  *len = ftell(inFile);
-  if (fseek(inFile, 0, SEEK_SET) != 0)
-    die("seek failure");
-
-  uint8_t * data = (uint8_t *) malloc(*len);
-  if (!data)
-    die("malloc failure");
-  if (fread(data, 1, *len, inFile) != *len)
-    die("file read failure");
-  fclose(inFile);
-
-  return data;
-}
-
 int
 main(int argc, char *argv[])
 {
From: =?utf-8?b?0L3QsNCx?= <[email protected]>
Date: Thu, 21 Aug 2025 20:49:57 +0200
Subject: Don't blow stack when fopen() fails with >179-byte filename

---
 sfnt2woff-zopfli.h | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/sfnt2woff-zopfli.h b/sfnt2woff-zopfli.h
index 8e5ab84..3b6cb35 100644
--- a/sfnt2woff-zopfli.h
+++ b/sfnt2woff-zopfli.h
@@ -1,7 +1,14 @@
-static void
-die(const char * msg)
+#include <stdarg.h>
+
+static __attribute__((format(printf, 1, 2))) void
+die(const char * msg, ...)
 {
-  fprintf(stderr, "# fatal error: %s\n", msg);
+  va_list ap;
+  va_start(ap, msg);
+  fputs("# fatal error: ", stderr);
+  vfprintf(stderr, msg, ap);
+  fputc('\n', stderr);
+  va_end(ap);
   exit(2);
 }
 
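Review bot: die's first argument is now a printf format, so any remaining caller that passes a runtime-built string (the old `die(buf)` pattern) would have that string interpreted as a format. Only readFile's call site is visible in this patch, so the other callers in sfnt2woff.c and woff2sfnt.c need checking. The `format(printf, 1, 2)` attribute lets the compiler flag such calls when building with `-Wformat -Wformat-security`. Renaming the parameter to `fmt` and adding a comment such as `/* Print a printf-style fatal error to stderr and exit with status 2. */` would make the contract explicit, and `__attribute__((noreturn))` would document that callers never continue past it.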
@@ -17,9 +24,7 @@ readFile(const char * name, uint32_t * len)
 {
   FILE * inFile = fopen(name, "rb");
   if (!inFile) {
-    char buf[200];
-    sprintf(buf, "unable to open file %s", name);
-    die(buf);
+    die("unable to open file %s", name);
   }
 
   if (fseek(inFile, 0, SEEK_END) != 0)
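Review bot: The message at `die("unable to open file %s", name);` drops the reason fopen() failed, which is what a user needs to tell a missing file from a permission or name-length error. Consider `die("unable to open file %s: %s", name, strerror(errno));`, which needs `<errno.h>` and `<string.h>` in the header. The braces around the single call are now optional, though keeping them is harmless. readFile's body continues outside the hunk.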
