bug#29523: 25.3; buffer overflow in ns-font-name on mac
From: Alan Third
Subject: bug#29523: 25.3; buffer overflow in ns-font-name on mac
Date: Fri, 1 Dec 2017 19:43:08 +0000
User-agent: Mutt/1.9.1 (2017-09-22)
On Fri, Dec 01, 2017 at 11:53:34PM +0900, Yuuki Harano wrote:
> After I evaluate this code on mac Emacs:
>
> (let ((font-name "") (i 0))
>   (while (< i 100)
>     (setq font-name (concat font-name "abcdefghijklmnopqrstuvwxyz"))
>     (setq i (1+ i)))
>   (setq font-name (concat "-*-" font-name "-"))
>   (ns-font-name font-name))
>
> then, Emacs crashes.
>
> The bug is in ns_xlfd_to_fontname() in nsterm.m:
>
>   if (!strncmp (xlfd, "--", 2))
>     sscanf (xlfd, "--%*[^-]-%[^-]179-", name);
>   else
>     sscanf (xlfd, "-%*[^-]-%[^-]179-", name);
>
> The positions of "179" are incorrect. They should be:
>
>   if (!strncmp (xlfd, "--", 2))
>     sscanf (xlfd, "--%*[^-]-%179[^-]-", name);
>   else
>     sscanf (xlfd, "-%*[^-]-%179[^-]-", name);
Thanks for the fix. I expect this is copyright exempt, so I’ll push
the fix to emacs-26 soon.
--
Alan Third
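The following is an added, self-contained C example (not Emacs code and not from either poster) that shows why the position of `179` matters. In a scanf format the maximum field width must sit between `%` and the conversion, so `%179[^-]` stores at most 179 characters plus the NUL; written as `%[^-]179-`, the scanset is unbounded and `179-` becomes a literal string that sscanf only tries to match afterwards. The example reconstructs the 2600-character input from the report, parses it with the corrected format into a fixed 180-byte buffer, and measures the original format against a heap buffer sized to the whole input so the demonstration itself cannot overflow. `NAME_MAX`, the function names and the sample XLFD strings are constructed for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NAME_MAX 180            /* 179 characters plus the terminating NUL (assumed size) */

/* Corrected form: the width 179 sits between '%' and '[' so the scanset
   conversion stores at most 179 characters plus NUL into name.
   Returns sscanf's count of successful assignments (1 = family parsed). */
int parse_family_bounded(const char *xlfd, char name[NAME_MAX])
{
    name[0] = '\0';
    if (!strncmp(xlfd, "--", 2))
        return sscanf(xlfd, "--%*[^-]-%179[^-]-", name);
    return sscanf(xlfd, "-%*[^-]-%179[^-]-", name);
}

/* Convenience wrapper: how many characters the corrected format stored. */
size_t bounded_family_length(const char *xlfd)
{
    char name[NAME_MAX];
    parse_family_bounded(xlfd, name);
    return strlen(name);
}

/* Original (buggy) form, run against a heap buffer sized to the whole
   input so this demonstration cannot overflow: with "179" placed after
   the scanset it is literal text to match, not a width, so the conversion
   copies the entire family field however long it is.  Returns the number
   of characters sscanf stored, i.e. what it would have written into a
   fixed 180-byte buffer. */
size_t unbounded_family_length(const char *xlfd)
{
    char *scratch = malloc(strlen(xlfd) + 1);
    if (!scratch)
        return 0;
    scratch[0] = '\0';
    if (!strncmp(xlfd, "--", 2))
        sscanf(xlfd, "--%*[^-]-%[^-]179-", scratch);
    else
        sscanf(xlfd, "-%*[^-]-%[^-]179-", scratch);
    size_t n = strlen(scratch);
    free(scratch);
    return n;
}

/* Rebuilds the reporter's input: "-*-" + 100 copies of the alphabet + "-".
   The caller frees the result. */
char *make_long_xlfd(void)
{
    const char *alpha = "abcdefghijklmnopqrstuvwxyz";
    size_t body = 100 * strlen(alpha);          /* 2600 characters */
    char *s = malloc(3 + body + 1 + 1);         /* prefix, body, dash, NUL */
    if (!s)
        return NULL;
    strcpy(s, "-*-");
    for (int i = 0; i < 100; i++)
        strcat(s, alpha);
    strcat(s, "-");
    return s;
}

int main(void)
{
    char name[NAME_MAX];
    char *xlfd = make_long_xlfd();
    if (!xlfd)
        return 1;

    printf("bounded:   stored %zu chars into a %d-byte buffer\n",
           bounded_family_length(xlfd), NAME_MAX);
    printf("unbounded: would have stored %zu chars into that buffer\n",
           unbounded_family_length(xlfd));

    /* A constructed, ordinary XLFD still parses with the corrected format. */
    parse_family_bounded("-apple-Monaco-medium-r-normal--12-*", name);
    printf("short input family: %s\n", name);

    free(xlfd);
    return 0;
}
```

On the long input the corrected format stores 179 characters and then stops because the following literal `-` does not match the 180th letter; the original format stores all 2600, which is the write that overran the fixed buffer in `ns_xlfd_to_fontname`.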