
bug#29523: 25.3; buffer overflow in ns-font-name on mac


From: Yuuki Harano
Subject: bug#29523: 25.3; buffer overflow in ns-font-name on mac
Date: Fri, 01 Dec 2017 23:53:34 +0900 (JST)

After I evaluate this code on mac Emacs:

(let ((font-name "") (i 0))
  (while (< i 100)
    (setq font-name (concat font-name "abcdefghijklmnopqrstuvwxyz"))
    (setq i (1+ i)))
  (setq font-name (concat "-*-" font-name "-"))
  (ns-font-name font-name)
  )

then Emacs crashes.

The bug is in ns_xlfd_to_fontname() in nsterm.m:

  if (!strncmp (xlfd, "--", 2))
    sscanf (xlfd, "--%*[^-]-%[^-]179-", name);
  else
    sscanf (xlfd, "-%*[^-]-%[^-]179-", name);

The positions of "179" are incorrect. They should be:

  if (!strncmp (xlfd, "--", 2))
    sscanf (xlfd, "--%*[^-]-%179[^-]-", name);
  else
    sscanf (xlfd, "-%*[^-]-%179[^-]-", name);

Thanks.


In GNU Emacs 25.3.1 (x86_64-apple-darwin16.7.0, NS appkit-1504.83 Version 
10.12.6 (Build 16G1036))
 of 2017-12-01 built on yuukinombp.pink.masm11.ddo.jp
Windowing system distributor 'Apple', version 10.3.1504
Configured using:
 'configure --without-x --with-ns --with-modules
 PKG_CONFIG_PATH=/usr/local/lib64/pkgconfig:/usr/lib64/pkgconfig'

Configured features:
NOTIFY ACL LIBXML2 ZLIB TOOLKIT_SCROLL_BARS NS MODULES

Important settings:
  value of $LANG: ja_JP.UTF-8
  locale-coding-system: utf-8-unix

Major mode: Fundamental

Minor modes in effect:
  tooltip-mode: t
  global-eldoc-mode: t
  electric-indent-mode: t
  mouse-wheel-mode: t
  menu-bar-mode: t
  file-name-shadow-mode: t
  global-font-lock-mode: t
  blink-cursor-mode: t
  auto-composition-mode: t
  auto-encryption-mode: t
  auto-compression-mode: t
  buffer-read-only: t
  line-number-mode: t
  transient-mark-mode: t

Recent messages:

Load-path shadows:
None found.

Features:
(shadow sort mail-extr emacsbug message dired format-spec rfc822 mml
mml-sec password-cache epg gnus-util mm-decode mm-bodies mm-encode
mail-parse rfc2231 mailabbrev gmm-utils mailheader sendmail rfc2047
rfc2045 ietf-drums mm-util help-fns mail-prsvr mail-utils ibuf-macs
ibuffer finder-inf info package epg-config seq byte-opt gv bytecomp
byte-compile cl-extra help-mode easymenu cconv cl-loaddefs pcase cl-lib
time-date mule-util japan-util tooltip eldoc electric uniquify
ediff-hook vc-hooks lisp-float-type mwheel ns-win ucs-normalize
term/common-win tool-bar dnd fontset image regexp-opt fringe
tabulated-list newcomment elisp-mode lisp-mode prog-mode register page
menu-bar rfn-eshadow timer select scroll-bar mouse jit-lock font-lock
syntax facemenu font-core frame cl-generic cham georgian utf-8-lang
misc-lang vietnamese tibetan thai tai-viet lao korean japanese eucjp-ms
cp51932 hebrew greek romanian slovak czech european ethiopic indian
cyrillic chinese charscript case-table epa-hook jka-cmpr-hook help
simple abbrev minibuffer cl-preloaded nadvice loaddefs button faces
cus-face macroexp files text-properties overlay sha1 md5 base64 format
env code-pages mule custom widget hashtable-print-readable backquote
kqueue cocoa ns multi-tty make-network-process emacs)

Memory information:
((conses 16 220523 8595)
 (symbols 48 21882 0)
 (miscs 40 81 191)
 (strings 32 23156 7162)
 (string-bytes 1 718249)
 (vectors 16 44445)
 (vector-slots 8 816828 4794)
 (floats 8 194 21)
 (intervals 56 193 0)
 (buffers 976 18))

-- 
Yuuki Harano
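The format-string mistake in the report, worked through as an added example (not code from nsterm.m or the reporter): the corrected `%179[^-]` parser beside the original `%[^-]179-` format, the latter run into a deliberately oversized scratch buffer so the demonstration stays in bounds, plus a constructor for the reporter's 2600-character family name. The 180-byte name buffer is an assumption matching the 179 width.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not nsterm.m code. NAME_CAP = 180 is an assumption: room for
   the 179 characters %179[^-] may store plus the NUL that sscanf appends. */
#define NAME_CAP 180
#define NAME_MAX (NAME_CAP - 1)

/* Corrected parser: the width sits between '%' and the scanset, so at most
   179 bytes plus NUL are written. Returns 1 when a family was extracted. */
int xlfd_family(const char *xlfd, char name[NAME_CAP])
{
    int matched;
    name[0] = '\0';
    if (!strncmp(xlfd, "--", 2))
        matched = sscanf(xlfd, "--%*[^-]-%179[^-]-", name);
    else
        matched = sscanf(xlfd, "-%*[^-]-%179[^-]-", name);
    return matched == 1;
}

/* The original format, run into a deliberately oversized scratch buffer so the
   demonstration itself stays in bounds: "%[^-]179-" is an unbounded %[^-]
   followed by the literal text "179-", so no width is ever applied.
   Returns the number of bytes the scanset conversion stored. */
size_t xlfd_family_unbounded_demo(const char *xlfd, char *scratch, size_t cap)
{
    if (strlen(xlfd) >= cap) return 0;  /* only safe when all of xlfd fits */
    scratch[0] = '\0';
    if (!strncmp(xlfd, "--", 2))
        sscanf(xlfd, "--%*[^-]-%[^-]179-", scratch);
    else
        sscanf(xlfd, "-%*[^-]-%[^-]179-", scratch);
    return strlen(scratch);
}

/* Constructed input matching the reporter's Lisp: "-*-", 100 copies of the
   alphabet, then "-". Returns the length written, or 0 if out is too small. */
size_t build_overlong_xlfd(char *out, size_t cap)
{
    const char *alphabet = "abcdefghijklmnopqrstuvwxyz";
    size_t len = 3;
    if (cap < 3 + 26 * 100 + 2) return 0;
    memcpy(out, "-*-", 3);
    for (int i = 0; i < 100; i++, len += 26)
        memcpy(out + len, alphabet, 26);
    out[len++] = '-';
    out[len] = '\0';
    return len;
}
```

With the corrected format the overlong family is cut at 179 characters and the trailing "-" simply fails to match; with the original format the whole 2600-character run is copied, which is exactly what overran the 180-byte allocation in Emacs.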
