From d4aef6a074bedb42ab9c400b5f998dd79bc57d00 Mon Sep 17 00:00:00 2001 From: rsc Date: Thu, 12 May 2005 16:55:14 +0000 Subject: handle arbitrary length names in subfontname. handle overflow in offset computation in font.c --- src/libdraw/font.c | 8 +++++--- src/libdraw/subfontname.c | 22 +++++++++++++--------- 2 files changed, 18 insertions(+), 12 deletions(-) (limited to 'src/libdraw') diff --git a/src/libdraw/font.c b/src/libdraw/font.c index d7a93545..7aa649e8 100644 --- a/src/libdraw/font.c +++ b/src/libdraw/font.c @@ -177,7 +177,7 @@ int loadchar(Font *f, Rune r, Cacheinfo *c, int h, int noflush, char **subfontname) { int i, oi, wid, top, bottom; - Rune pic; + int pic; /* need >16 bits for adding offset below */ Fontchar *fi; Cachefont *cf; Cachesubf *subf, *of; @@ -270,10 +270,12 @@ loadchar(Font *f, Rune r, Cacheinfo *c, int h, int noflush, char **subfontname) Found2: subf->age = f->age; + /* possible overflow here, but works out okay */ pic += cf->offset; - if(pic-cf->min >= subf->f->n) + pic -= cf->min; + if(pic >= subf->f->n) goto TryPJW; - fi = &subf->f->info[pic - cf->min]; + fi = &subf->f->info[pic]; if(fi->width == 0) goto TryPJW; wid = (fi+1)->x - fi->x; diff --git a/src/libdraw/subfontname.c b/src/libdraw/subfontname.c index bf397cb5..1374ef31 100644 --- a/src/libdraw/subfontname.c +++ b/src/libdraw/subfontname.c @@ -9,20 +9,22 @@ char* subfontname(char *cfname, char *fname, int maxdepth) { - char *t, *u, tmp1[64], tmp2[64]; + char *t, *u, *tmp1, *tmp2; int i; + t = strdup(cfname); /* t is the return string */ if(strcmp(cfname, "*default*") == 0) - return strdup(cfname); - t = cfname; + return t; if(t[0] != '/'){ - snprint(tmp2, sizeof tmp2, "%s", fname); + tmp2 = strdup(fname); u = utfrrune(tmp2, '/'); if(u) u[0] = 0; else strcpy(tmp2, "."); - snprint(tmp1, sizeof tmp1, "%s/%s", tmp2, t); + tmp1 = smprint("%s/%s", tmp2, t); + free(tmp2); + free(t); t = tmp1; } @@ -33,14 +35,16 @@ subfontname(char *cfname, char *fname, int maxdepth) if((1< maxdepth) continue; /* try i-bit grey */ - snprint(tmp2, sizeof tmp2, "%s.%d", t, i); - if(access(tmp2, AREAD) == 0) - return strdup(tmp2); + tmp2 = smprint("%s.%d", t, i); + if(access(tmp2, AREAD) == 0) { + free(t); + return tmp2; + } } /* try default */ if(access(t, AREAD) == 0) - return strdup(t); + return t; return nil; } -- cgit v1.2.3