On Fri, Nov 13, 2015 at 10:30:32PM +0100, Joerg Jung wrote:
> Hi,
>
> please find attached a port for the new suckless presentation tool sent.
>
> OK to import?

hmm this code is of low quality for a tool released in 2015.
http://marc.info/?t=144772469400002&r=1&w=2

As part of the xorg security team I looked at this to see if libXft
is responsible.

I found that sent /etc/passwd will crash because 71 lines (on my
machine) don't fit in a single slide and the code that looks for a
small enough font is buggy.

It uses an unsigned 'j' variable in a loop that says
(getfontsize() sent.c:321):

    for (j = NUMFONTSCALES - 1; j >= 0; j--) {

so this will happily lead to huge j values, later used as indexes in
an array...

Even with that fixed, the same getfontsize() function won't be able
to handle the lack of an appropriate font and reference font[-1] with
joy and fireworks.

Later in the oss-sec thread someone noticed that 'sent empty' with
empty being a 0-length file will also produce a memory access error.
Indeed with malloc.conf -> J it happily dereferences a
0xd0d0d0d0d0d0d0 pointer since there is no such input as line[0] if
the file is empty.

I looked at this to check if there are bugs in Xft, not as a
potential user of misc/sent. So I won't bother trying to fix it, sorry.

>
> Regards,
> Joerg
>
>
> $ cat pkg/DESCR
>
> Simple plaintext presentation tool.
>
> sent does not need latex, libreoffice or any other fancy file format, it
> uses plaintext files and png images. Currently every paragraph represents
> a slide in the presentation. Especially for presentations using the
> Takahashi method this is very nice and allows you to write down the
> presentation for a quick lightning talk within a few minutes.
>
> The presentation is displayed in a simple X11 window colored black on
> white for maximum contrast even if the sun shines directly onto the
> projected image. The content of each slide is automatically scaled to fit
> the window so you don't have to worry about alignment. Instead you can
> really concentrate on the content.

--
Matthieu Herrb
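An added C example, not code from sent or from this thread: a descending loop over an unsigned index that terminates at 0, with explicit results for "no scale fits" and for empty input, the three cases the message describes. The table, its values, the window height and the function names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

#define NUMSCALES 5 /* hypothetical table size, not sent's value */

/* Constructed per-line pixel heights for each font scale, smallest first. */
static const unsigned line_height[NUMSCALES] = { 8, 12, 18, 27, 40 };

/*
 * Return the index of the largest scale at which `nlines` lines fit in
 * `win_h` pixels, or -1 when there is nothing to draw or no scale fits.
 */
int pick_scale(size_t nlines, unsigned win_h)
{
    size_t j;

    if (nlines == 0)            /* empty input: there is no line[0] */
        return -1;

    /*
     * With an unsigned j, the condition `j >= 0` is always true, so a loop
     * written `for (j = NUMSCALES - 1; j >= 0; j--)` wraps past 0 to a huge
     * index. Testing before decrementing (`j-- > 0`) visits
     * NUMSCALES-1 .. 0 and then stops.
     */
    for (j = NUMSCALES; j-- > 0; ) {
        /* divide rather than multiply so nlines * height cannot overflow */
        if (nlines <= win_h / line_height[j])
            return (int)j;
    }
    return -1;                  /* caller must not use this as an index */
}

/* Caller-side check: turn "no fit" into a defined value, never table[-1]. */
unsigned height_or_zero(size_t nlines, unsigned win_h)
{
    int s = pick_scale(nlines, win_h);
    return s < 0 ? 0 : line_height[s];
}

int main(void)
{
    printf("71 lines: %d, 76 lines: %d, empty: %d\n",
           pick_scale(71, 600), pick_scale(76, 600), pick_scale(0, 600));
    return 0;
}
```

Compiling with -Wextra (or -Wtype-limits) makes GCC report the always-true `j >= 0` comparison on an unsigned variable.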
