extend the size limit of an encoding file #3
Closed
coolwanglu wants to merge 1 commit into fontforge:master from coolwanglu:pull3
Contributor
I don’t really know, the limit has been in the initial commit of the file. Almost all encoding files I’ve seen have 255 entries only, so I think 1024 was a fair limit. Seems harmless, so applied.
Contributor, Author
Well, that was a Chinese font, you can imagine that even 1024 is not enough. :)
khaledhosny added a commit that referenced this pull request Aug 27, 2012
I don't know why it is crashing now (maybe the resources?) as this code has
been like that since the dawn of time.
Traceback:
0xb78289b0 in check_image_buffers (gdisp=0x84d5c78, neww=<optimized out>, newh=7, is_bitmap=0) at gimagexdraw.c:1705
1705 if ( width > gdisp->gg.iwidth || depth!=gdisp->gg.img->depth ) {
(gdb) bt
#0 0xb78289b0 in check_image_buffers (gdisp=0x84d5c78, neww=<optimized out>, newh=7, is_bitmap=0) at gimagexdraw.c:1705
#1 0xb782b595 in gximage_to_ximage (image=0x8527ff0, src=0xbfffa0a0, gw=<optimized out>) at gimagexdraw.c:1778
#2 0xb782e8c2 in _GXDraw_Image (_w=0x9bf4bb0, image=<optimized out>, src=0xbfffa0a0, x=8250, y=7) at gimagexdraw.c:1981
#3 0xb7807a98 in GDrawDrawScaledImage (w=0x9bf4bb0, img=0x8527ff0, x=8250, y=7) at gdraw.c:488
#4 0xb781b513 in GListMarkDraw (pixmap=0x9bf4bb0, x=8250, y=1, height=19, state=gs_enabled) at ggadgets.c:482
#5 0xb788c493 in GMatrixEdit_SubExpose (gme=0x9bd9448, pixmap=0x9bf4bb0, event=0xbfffa400) at gmatrixedit.c:1691
#6 0xb788c6b1 in matrixeditsub_e_h (gw=0x9bf4bb0, event=0xbfffa400) at gmatrixedit.c:1723
#7 0xb78040da in _GWidget_Container_eh (gw=0x9bd9178, event=0xbfffa400) at gcontainer.c:269
#8 0xb7878001 in dispatchEvent (gdisp=0x84d5c78, event=0xbfffa5ec) at gxdraw.c:3959
#9 0xb7878162 in GXDrawProcessOneEvent (gdisp=0x84d5c78) at gxdraw.c:3991
#10 0xb7808606 in GDrawProcessOneEvent (gdisp=0x84d5c78) at gdraw.c:748
#11 0x080c77ff in ContextChainEdit (sf=0x9aa3c68, fpst=0x8ad982c, gfi=0x9afbfc0, newname=0x0, layer=1) at contextchain.c:3207
#12 0x0818f14a in _LookupSubtableContents (sf=0x9aa3c68, sub=0x8a9d43c, sd=0x0, def_layer=1) at lookupui.c:5531
#13 0x0813138d in LookupSubtableContents (gfi=0x9afbfc0, isgpos=0) at fontinfo.c:5941
#14 0x08136a16 in LookupMouse (gfi=0x9afbfc0, isgpos=0, event=0xbfffe930) at fontinfo.c:7336
#15 0x08136ccc in lookups_e_h (gw=0x9b98230, event=0xbfffe930, isgpos=0) at fontinfo.c:7380
#16 0x08136d78 in gsublookups_e_h (gw=0x9b98230, event=0xbfffe930) at fontinfo.c:7399
#17 0xb788f3b0 in drawable_e_h (pixmap=0x9b98230, event=0xbfffe930) at gdrawable.c:219
#18 0xb78048a7 in _GWidget_Container_eh (gw=0x9b98230, event=0xbfffe930) at gcontainer.c:393
#19 0xb7878001 in dispatchEvent (gdisp=0x84d5c78, event=0xbfffeb1c) at gxdraw.c:3959
#20 0xb7878480 in GXDrawEventLoop (gd=0x84d5c78) at gxdraw.c:4058
#21 0xb78086c1 in GDrawEventLoop (gdisp=0x84d5c78) at gdraw.c:766
#22 0x0822457c in main (argc=1, argv=0xbffff134) at startui.c:1501
Omnikron13 pushed a commit to Omnikron13/fontforge that referenced this pull request May 31, 2022
==10627==ERROR: AddressSanitizer: global-buffer-overflow on address 0x00010e2239c1 at pc 0x000111258c3d bp 0x7ffee286c210 sp 0x7ffee286b988
WRITE of size 4 at 0x00010e2239c1 thread T0
#0 0x111258c3c in scanf_common(void*, int, bool, char const*, __va_list_tag*) (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x27c3c)
#1 0x111258d6d in wrap_vsscanf (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x27d6d)
#2 0x11125902c in wrap_sscanf (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x2802c)
#3 0x10de70b21 in PrefsUI_LoadPrefs prefs.c:1230
#4 0x10e02e0ce in fontforge_main startui.c:1109
#5 0x10d654b11 in main main.c:33
#6 0x7fff62d7b3d4 in start (libdyld.dylib:x86_64+0x163d4)
0x00010e2239c1 is located 63 bytes to the left of global variable 'fvhintingneededcol' defined in '../fontforgeexe/fontview.c:123:14' (0x10e223a00) of size 4
0x00010e2239c1 is located 0 bytes to the right of global variable 'warn_script_unsaved' defined in '../fontforgeexe/fontview.c:83:6' (0x10e2239c0) of size 1
SUMMARY: AddressSanitizer: global-buffer-overflow (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x27c3c) in scanf_common(void*, int, bool, char const*, __va_list_tag*)
warn_script_unsaved is declared as bool, but prefs.c:1230 casts its
pointer to int *, leading to the issue above. Prefs of type pr_bool should
be int as well, FontForge is pre-C99 and does not know bool.
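The size mismatch described in the commit message above, as an added example that is not FontForge's code: an int-sized store aimed at bool storage overwrites the bytes next to it, while int storage absorbs the same store. The struct layouts, function names and guard pattern are hypothetical; the miscast store is modelled with memcpy inside one struct so the demonstration stays well-defined.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define GUARD 0xAA

/* Constructed stand-in for adjacent globals: a flag followed by guard
 * bytes that play the role of the neighbouring variables in memory. */
struct bool_pref { bool flag; unsigned char guard[sizeof(int)]; };
struct int_pref  { int  flag; unsigned char guard[sizeof(int)]; };

/* Count guard bytes that no longer hold the fill pattern. */
static int clobbered(const unsigned char *guard, size_t n) {
    int hits = 0;
    for (size_t i = 0; i < n; i++)
        hits += guard[i] != GUARD;
    return hits;
}

/* Before: the flag is a bool but the loader stores an int-sized result at
 * its address. memcpy over the enclosing struct models the store that
 * sscanf("%d") makes through the miscast int *, without leaving the object. */
int load_into_bool(struct bool_pref *p, const char *text) {
    int tmp;
    memset(p->guard, GUARD, sizeof p->guard);
    if (sscanf(text, "%d", &tmp) != 1)
        return -1;
    memcpy((unsigned char *)p + offsetof(struct bool_pref, flag), &tmp, sizeof tmp);
    return clobbered(p->guard, sizeof p->guard);
}

/* After, as the commit message prescribes: the pref is declared int, so
 * the int * handed to sscanf matches the storage behind it. */
int load_into_int(struct int_pref *p, const char *text) {
    memset(p->guard, GUARD, sizeof p->guard);
    if (sscanf(text, "%d", &p->flag) != 1)
        return -1;
    return clobbered(p->guard, sizeof p->guard);
}

int main(void) {
    struct bool_pref b;
    struct int_pref i;
    printf("bool storage: %d neighbouring bytes overwritten\n", load_into_bool(&b, "1"));
    printf("int storage:  %d neighbouring bytes overwritten\n", load_into_int(&i, "1"));
    return 0;
}
```

Building the real loader with `-fsanitize=address`, as in the report above, is what catches the same mismatch when the neighbouring bytes belong to other globals.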
I found that the max input value is 1024 for a Consortium encoding file.
Why is the limit 1024?
I'm currently editing a pseudo-CID font dumped from a PDF font.
I'm saying pseudo because it was a CID font in that PDF file, but due to the way I dumped it, it's no longer CID.
Now I've also got an encoding file consisting of the correct encoding of the glyphs, where the input space could be as large as 65535. I need to rewire the glyphs according to the encoding.
Shall we extend the size limit of the encoding file? Or am I not doing it the correct way?