Date: Tue, 7 Jan 2014 07:42:25 +0000
From: "Thomas Klausner"
Subject: CVS commit: xsrc/external/mit/libXfont/dist/src/bitmap
To: source-changes@NetBSD.org
Message-Id: <20140107074225.6D72896@cvs.netbsd.org>

Module Name:    xsrc
Committed By:   wiz
Date:           Tue Jan 7 07:42:25 UTC 2014

Modified Files:
        xsrc/external/mit/libXfont/dist/src/bitmap: bdfread.c

Log Message:
Additional hardening from upstream:

From f8b21df399fbedd08da88752181b8a290a38d890 Mon Sep 17 00:00:00 2001
From: Alan Coopersmith
Date: Mon, 23 Dec 2013 19:01:11 -0800
Subject: [PATCH:libXfont 2/2] Limit additional sscanf strings to fit buffer sizes

None of these could currently result in buffer overflow, as the input and
output buffers were the same size, but adding limits helps ensure we keep
it that way, if we ever resize any of these in the future.

Fixes cppcheck warnings:
 [lib/libXfont/src/bitmap/bdfread.c:547]: (warning) scanf without field width limits can crash with huge input data.
 [lib/libXfont/src/bitmap/bdfread.c:553]: (warning) scanf without field width limits can crash with huge input data.
 [lib/libXfont/src/bitmap/bdfread.c:636]: (warning) scanf without field width limits can crash with huge input data.

Signed-off-by: Alan Coopersmith
Reviewed-by: Matthieu Herrb
Reviewed-by: Jeremy Huddleston Sequoia
---
 src/bitmap/bdfread.c | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 xsrc/external/mit/libXfont/dist/src/bitmap/bdfread.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
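
An added example, not code from libXfont or from this commit: one way to tie an sscanf field width to the destination buffer size, so the limit follows the buffer if it is ever resized, and to detect input that hit the limit. The function name, the NAME_LEN value and the sample lines are assumptions constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Assumed buffer size for this example; not a value from bdfread.c. */
#define NAME_LEN 15
#define STR2(x) #x
#define STR(x) STR2(x)

/*
 * Parse a constructed BDF-style line "STARTCHAR <name>".
 * Returns 0 on success, -1 if the line does not match,
 * -2 if the name did not fit and was cut at NAME_LEN characters.
 */
int parse_startchar(const char *line, char name[NAME_LEN + 1])
{
    int used = 0;

    /* Expands to "STARTCHAR %15s%n": at most NAME_LEN chars plus NUL
     * are stored, and the width changes with NAME_LEN. */
    if (sscanf(line, "STARTCHAR %" STR(NAME_LEN) "s%n", name, &used) != 1)
        return -1;

    /* A non-space character right after the token means sscanf stopped
     * at the width limit, not at the end of the name. */
    if (line[used] != '\0' && !isspace((unsigned char)line[used]))
        return -2;
    return 0;
}

int main(void)
{
    /* Constructed sample lines. */
    const char *lines[] = {
        "STARTCHAR U+0041",
        "STARTCHAR AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
        "ENCODING 65",
    };
    char name[NAME_LEN + 1];

    for (size_t i = 0; i < sizeof lines / sizeof lines[0]; i++) {
        int rc = parse_startchar(lines[i], name);
        printf("%-45s rc=%d name=%s\n", lines[i], rc, rc == -1 ? "-" : name);
    }
    return 0;
}
```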