Applied with a few changes. Just commited to the CD SVN.
Thanks,
Scuri
Em qua., 8 de set. de 2021 às 00:05, sur-behoffski <
sur_behoff...@grouse.com.au> escreveu:
> G'day,
>
> Thanks for processing my previous patch.
>
> Here is another patch that uses snprintf(3) to avoid potential
> buffer overflow cases (and GCC 10.3 warnings):
>
> There's two instances of "%str" as part of a format specifier for
> the original "sprintf" code... These probably should be "%s".
>
> The error recovery code I've used in the change comes from code used
> a little further down the function... I'm not sure if I've tackled
> this the right way (and I haven't tried to comprehend the comments!)
>
> A patch is attached. The "%str"/"%s" discontinuity was only noticed
> late in the process, but I think I've caught it in the patch.
>
> cheers,
>
> s-b etc.
>
>
> --------
>
>
> -- (Original start of cdCanvasVectorFont (rather long, sigh)) --
>
>
> char *cdCanvasVectorFont(cdCanvas* canvas, const char *file)
> {
> cdVectorFont* vector_font;
>
> assert(canvas);
> assert(file);
> if (!_cdCheckCanvas(canvas)) return NULL;
>
> vector_font = canvas->vector_font;
> if (!file || file[0] == 0)
> {
> vf_setdefaultfont(vector_font);
> vector_font->file_name[0] = 0;
> }
> else
> {
> FILE *font = NULL;
> int read_ok;
> char *env;
>
> /* se arquivo foi o mesmo que o arq. corrente, entao retorna */
> if (strcmp (file, vector_font->file_name) == 0)
> return vector_font->name;
>
> /* abre arq. no dir. corrente */
> font = fopen(file, "r");
>
> /* se nao conseguiu, abre arq. no dir. do cd, */
> env = getenv("CDDIR");
> if (!font && env && strlen(file)<10240)
> {
> char filename[10240];
> sprintf(filename, "%str/%str", env, file);
> font = fopen(filename, "r");
> }
>
> if (font)
> read_ok = vf_readfontfile(font, vector_font);
> else
> read_ok = vf_readfontstring(file, vector_font);
>
> if (!read_ok)
> {
> if (font) fclose(font);
> vf_setdefaultfont(vector_font);
> vector_font->file_name[0] = 0;
> return NULL;
> }
>
> /* ... remainder of function elided ... */
>
>
>
> --------
>
>
>
> char *cdCanvasVectorFont(cdCanvas* canvas, const char *file)
> {
> cdVectorFont* vector_font;
>
> assert(canvas);
> assert(file);
> if (!_cdCheckCanvas(canvas)) return NULL;
>
> vector_font = canvas->vector_font;
> if (!file || file[0] == 0)
> {
> vf_setdefaultfont(vector_font);
> vector_font->file_name[0] = 0;
> }
> else
> {
> FILE *font = NULL;
> int read_ok;
> char *env;
>
> /* se arquivo foi o mesmo que o arq. corrente, entao retorna */
> if (strcmp (file, vector_font->file_name) == 0)
> return vector_font->name;
>
> /* abre arq. no dir. corrente */
> font = fopen(file, "r");
>
> /* se nao conseguiu, abre arq. no dir. do cd, */
> env = getenv("CDDIR");
> if (!font && env)
> {
> char filename[10240];
> int result;
>
> result = snprintf(filename, sizeof(filename),
> "%s/%s",
> env, file);
> if ((result < 0) || (result >= sizeof(filename)))
> {
> vf_setdefaultfont(vector_font);
> vector_font->file_name[0] = 0;
> return NULL;
> }
> font = fopen(filename, "r");
> }
>
> if (font)
> read_ok = vf_readfontfile(font, vector_font);
> else
> read_ok = vf_readfontstring(file, vector_font);
>
> if (!read_ok)
> {
> if (font) fclose(font);
> vf_setdefaultfont(vector_font);
> vector_font->file_name[0] = 0;
> return NULL;
> }
>
> /* ... remainder of function elided ... */
>
> -- (End of text.) --
> _______________________________________________
> Iup-users mailing list
> Iup-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/iup-users
>
_______________________________________________
Iup-users mailing list
Iup-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/iup-users
