
Re: Buffer overflow in the StringQuotedWord() function


From: William Bader
Subject: Re: Buffer overflow in the StringQuotedWord() function
Date: Fri, 23 Oct 2020 04:19:54 +0000

>with test02 not.

valgrind also didn't always catch one of them.
I saw them both only by building with
TRACING = -g -fno-omit-frame-pointer -fsanitize=address
COPTS  = -ansi -pedantic -Wall -O1
plus I added COPTS and TRACING to the lout link line
$(CC) -o lout $(COPTS) $(TRACING) $(OBJS) $(ZLIB) -lm
I used Fedora 31 Linux on x86_64 with Fedora's gcc 9.3.1

>I could create a repo for lout at GitLab.

If you make it, I can post my other big patch file as an issue. It fixes a crash on pages with lots of nested boxes, adds support for PDF images when generating postscript, fixes an invalid access on fonts with a lot of kerned glyphs, and scales images more accurately.

Regards,
William


From: Oliver Bandel <oliver@first.in-berlin.de>
Sent: Thursday, October 22, 2020 9:20 PM
To: Matěj Cepl <mcepl@cepl.eu>
Cc: William Bader <williambader@hotmail.com>; Frederic Cambus <fred@statdns.com>; lout-users@nongnu.org <lout-users@nongnu.org>
Subject: Re: Buffer overflow in the StringQuotedWord() function
 
Quoting  Matěj Cepl <mcepl@cepl.eu> (snt: 2020-10-22 07:58 +0200 CEST) (rcv: 2020-10-22 07:58 +0200 CEST):
> Oliver Bandel writes on Thu 22. 10. 2020 at 03:02 +0200:
> > I can't see the bug descriptions without logging in?
> > wtf.
>
> I am sorry about that. These are
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19918 and
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19917
> , and both come from this list. I hope that's readable.
[...]

With test01 I get a segfault,
with test02 not.

I will try William's patches soon.

And if no one else would like to do it,
I could create a repo for lout at GitLab.

Ciao,
  Oliver
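The thread concerns an out-of-bounds write in Lout's StringQuotedWord() found with AddressSanitizer. The following is an added illustration, not Lout's code and not from any message above: a hypothetical bounded quoting routine (quote_word_bounded, quoted_word_length and the two check helpers are names chosen here) that computes the required length first and refuses to write when the caller's buffer is too small, which is the defensive shape a fix for this class of bug takes. Building a program like this with `-fsanitize=address` on both the compile and the link line, as described in the mail, is how such a check is verified.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical example (not Lout's StringQuotedWord): length of the quoted
   form of word, i.e. surrounding double quotes plus a backslash before every
   embedded '"' or '\\'.  The terminating NUL is not counted. */
size_t quoted_word_length(const char *word)
{
    size_t n = 2;                      /* opening and closing quote */
    for (const char *p = word; *p; p++)
        n += (*p == '"' || *p == '\\') ? 2 : 1;
    return n;
}

/* Write the quoted form of word into out, whose capacity out_cap includes
   the terminating NUL.  Returns the number of characters written (excluding
   the NUL), or -1 if the result would not fit.  On -1 nothing beyond out[0]
   is touched, so the caller can never be handed a truncated or overflowed
   buffer. */
int quote_word_bounded(const char *word, char *out, size_t out_cap)
{
    size_t need = quoted_word_length(word);
    size_t i = 0;

    if (out_cap == 0)
        return -1;
    if (need + 1 > out_cap) {          /* +1 for the NUL */
        out[0] = '\0';
        return -1;
    }
    out[i++] = '"';
    for (const char *p = word; *p; p++) {
        if (*p == '"' || *p == '\\')
            out[i++] = '\\';
        out[i++] = *p;
    }
    out[i++] = '"';
    out[i] = '\0';
    return (int)i;
}

/* Check helper: quote word into a sentinel-filled scratch buffer using only
   cap bytes of it and report the return value; -99 means a byte past cap was
   modified, which is exactly what a sanitizer build would flag. */
int quote_result(const char *word, size_t cap)
{
    char buf[64];
    memset(buf, 'X', sizeof buf);
    if (cap > sizeof buf)
        cap = sizeof buf;
    int r = quote_word_bounded(word, buf, cap);
    for (size_t i = cap; i < sizeof buf; i++)
        if (buf[i] != 'X')
            return -99;
    return r;
}

/* Check helper: 1 if quoting word with capacity cap succeeds and yields
   exactly expected, else 0. */
int quote_equals(const char *word, size_t cap, const char *expected)
{
    char buf[64];
    if (cap > sizeof buf)
        cap = sizeof buf;
    int r = quote_word_bounded(word, buf, cap);
    return r >= 0 && strcmp(buf, expected) == 0;
}

int main(void)
{
    char small[6];                     /* room for "abc" plus NUL only */
    const char *words[] = { "abc", "a\"b", "back\\slash" };   /* constructed inputs */

    for (size_t k = 0; k < sizeof words / sizeof words[0]; k++) {
        int r = quote_word_bounded(words[k], small, sizeof small);
        if (r < 0)
            printf("%-12s needs %zu bytes, buffer has %zu: rejected\n",
                   words[k], quoted_word_length(words[k]) + 1, sizeof small);
        else
            printf("%-12s -> %s (%d chars)\n", words[k], small, r);
    }
    return 0;
}
```

The point of computing the length up front is that the check happens once, before any byte is written; a routine that checks per character but forgets the closing quote or the NUL is the usual way an off-by-one survives review.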
