aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/patches/libcaca-CVE-2021-3410-pt2.patch
blob: e6fd506b374f1c18c33b1624d712d387c8016d08 (about) (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
https://github.com/cacalabs/libcaca/commit/e4968ba6e93e9fd35429eb16895c785c51072015.patch
Patch adjusted to remove the lines modifying caca/t/canvas.cpp. This file does not exist in the current release.

From e4968ba6e93e9fd35429eb16895c785c51072015 Mon Sep 17 00:00:00 2001
From: Sam Hocevar <sam@hocevar.net>
Date: Fri, 26 Feb 2021 12:40:06 +0100
Subject: [PATCH] Fix a problem in the caca_resize() overflow detection and add
 several unit tests.

---
 caca/canvas.c     | 16 ++++++++--------
 caca/t/canvas.cpp | 18 +++++++++++++++---
 tools/makefont.c  | 22 +++++++++++++++++++---
 3 files changed, 42 insertions(+), 14 deletions(-)

diff --git a/caca/canvas.c b/caca/canvas.c
index d0715392..08c628c9 100644
--- a/caca/canvas.c
+++ b/caca/canvas.c
@@ -367,6 +367,14 @@ int caca_resize(caca_canvas_t *cv, int width, int height)
 {
     int x, y, f, old_width, old_height, old_size;
 
+    /* Check for overflow */
+    int new_size = width * height;
+    if (new_size < 0 || (width > 0 && new_size / width != height))
+    {
+        seterrno(EOVERFLOW);
+        return -1;
+    }
+
     old_width = cv->width;
     old_height = cv->height;
     old_size = old_width * old_height;
@@ -377,14 +385,6 @@ int caca_resize(caca_canvas_t *cv, int width, int height)
      * dirty rectangle handling */
     cv->width = width;
     cv->height = height;
-    int new_size = width * height;
-
-    /* Check for overflow */
-    if (new_size / width != height)
-    {
-        seterrno(EOVERFLOW);
-        return -1;
-    }
 
     /* If width or height is smaller (or both), we have the opportunity to
      * reduce or even remove dirty rectangles */
diff --git a/tools/makefont.c b/tools/makefont.c
index 226c8838..66718605 100644
--- a/tools/makefont.c
+++ b/tools/makefont.c
@@ -40,7 +40,8 @@
  * and the UTF-8 glyphs necessary for canvas rotation and mirroring. */
 static unsigned int const blocklist[] =
 {
-    0x0000, 0x0080, /* Basic latin: A, B, C, a, b, c */
+    0x0020, 0x0080, /* Basic latin: A, B, C, a, b, c */
+#if 0
     0x0080, 0x0100, /* Latin-1 Supplement: Ä, Ç, å, ß */
     0x0100, 0x0180, /* Latin Extended-A: Ā č Ō œ */
     0x0180, 0x0250, /* Latin Extended-B: Ǝ Ƹ */
@@ -63,6 +64,7 @@ static unsigned int const blocklist[] =
     0x30a0, 0x3100, /* Katakana: ロ ル */
     0xff00, 0xfff0, /* Halfwidth and Fullwidth Forms: A, B, C, a, b, c */
     0x10400, 0x10450, /* Deseret: 𐐒 𐐋 */
+#endif
     0, 0
 };
 
@@ -317,8 +319,22 @@ int main(int argc, char *argv[])
             printf_unicode(&gtab[n]);
 
             if(gtab[n].same_as == n)
-                printf_hex(" */ %s\n",
-                           glyph_data + gtab[n].data_offset, gtab[n].data_size);
+            {
+                char const *lut = " .:nmW@";
+                printf("\n");
+                for (int y = 0; y < height; ++y)
+                {
+                    for (int x = 0; x < gtab[n].data_width; ++x)
+                    {
+                        int val = glyph_data[gtab[n].data_offset + y * gtab[n].data_width + x];
+                        char ch = lut[val * val * 7 / 256 / 256];
+                        printf("%c%c", ch, ch);
+                    }
+                    printf("\n");
+                }
+                //printf_hex(" */ %s\n",
+                //           glyph_data + gtab[n].data_offset, gtab[n].data_size);
+            }
             else
             {
                 printf(" is ");