Source-Changes archive


CVS commit: xsrc/external/mit/libXfont/dist/src/bitmap



Module Name:    xsrc
Committed By:   wiz
Date:           Tue Jan  7 07:42:25 UTC 2014

Modified Files:
        xsrc/external/mit/libXfont/dist/src/bitmap: bdfread.c

Log Message:
Additional hardening from upstream:

From f8b21df399fbedd08da88752181b8a290a38d890 Mon Sep 17 00:00:00 2001
From: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
Date: Mon, 23 Dec 2013 19:01:11 -0800
Subject: [PATCH:libXfont 2/2] Limit additional sscanf strings to fit buffer
 sizes

None of these could currently result in buffer overflow, as the input
and output buffers were the same size, but adding limits helps ensure
we keep it that way, if we ever resize any of these in the future.

Fixes cppcheck warnings:
 [lib/libXfont/src/bitmap/bdfread.c:547]: (warning)
  scanf without field width limits can crash with huge input data.
 [lib/libXfont/src/bitmap/bdfread.c:553]: (warning)
  scanf without field width limits can crash with huge input data.
 [lib/libXfont/src/bitmap/bdfread.c:636]: (warning)
  scanf without field width limits can crash with huge input data.

Signed-off-by: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
Reviewed-by: Matthieu Herrb <matthieu%herrb.eu@localhost>
Reviewed-by: Jeremy Huddleston Sequoia <jeremyhu%apple.com@localhost>
---
 src/bitmap/bdfread.c |   14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)


To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 xsrc/external/mit/libXfont/dist/src/bitmap/bdfread.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
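
The hardening described in the log message, shown as an added example that is not the bdfread.c code or part of this commit: an sscanf %s conversion whose field width is derived from the same macro that sizes the destination buffer, with a check for input the width cut short. The struct, function name, 31-byte width and sample line are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical size for this example; not taken from bdfread.c. */
#define NAME_WIDTH 31
#define STR_(x) #x
#define STR(x)  STR_(x)          /* expands NAME_WIDTH to "31" */

struct glyph_name {
    char name[NAME_WIDTH + 1];   /* +1 for the NUL that %s appends */
    int  truncated;              /* set when the width cut the token short */
};

/* Parse a constructed "STARTCHAR <name>" line.
 * Returns 1 if a name was read, 0 if the line does not match. */
int parse_startchar(const char *line, struct glyph_name *g)
{
    int used = 0;

    g->name[0] = '\0';
    g->truncated = 0;
    /* The width is built from the same macro that sizes the buffer, so
     * resizing one cannot silently leave the other behind. */
    if (sscanf(line, "STARTCHAR %" STR(NAME_WIDTH) "s%n", g->name, &used) != 1)
        return 0;
    /* %s stops at whitespace, end of input, or the width. If the next
     * byte is neither NUL nor whitespace, the width was the reason. */
    if (line[used] != '\0' && !isspace((unsigned char)line[used]))
        g->truncated = 1;
    return 1;
}

int main(void)
{
    char big[512];               /* constructed oversized input */
    struct glyph_name g;

    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    memcpy(big, "STARTCHAR ", 10);
    if (parse_startchar(big, &g))
        printf("len=%zu truncated=%d\n", strlen(g.name), g.truncated);
    return 0;
}
```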



