1 diff -up tetex-src-3.0/texk/dviljk/dvi2xx.c.dviljktemp tetex-src-3.0/texk/dviljk/dvi2xx.c
2 --- tetex-src-3.0/texk/dviljk/dvi2xx.c.dviljktemp 1999-02-06 22:46:34.000000000 +0100
3 +++ tetex-src-3.0/texk/dviljk/dvi2xx.c 2007-11-13 14:53:45.000000000 +0100
6 -#define VERSION "2.6p2 (dviljk)"
7 +#define VERSION "dviljk (version 2.6p3)"
11 @@ -173,7 +173,7 @@ char *argv[];
12 y_origin = YDEFAULTOFF; /* y-origin in dots */
14 setbuf(ERR_STREAM, NULL);
15 - (void) strcpy(G_progname, argv[0]);
16 + G_progname = argv[0];
18 kpse_set_progname(argv[0]);
19 kpse_set_program_enabled (kpse_pk_format, MAKE_TEX_PK_BY_DEFAULT, kpse_src_compile);
20 @@ -2968,8 +2968,8 @@ char *argv[];
23 int argind; /* argument index for flags */
24 - char curarea[STRSIZE]; /* current file area */
25 - char curname[STRSIZE]; /* current file name */
26 + char *curarea; /* current file area */
27 + char *curname; /* current file name */
28 char *tcp, *tcp1; /* temporary character pointers */
30 double x_offset = 0.0, y_offset = 0.0;
31 @@ -2988,9 +2988,9 @@ char *argv[];
35 - if (argc == 2 && (strcmp (argv[1], "--version") == 0)) {
36 + if (argc == 2 && EQ(argv[1], "--version")) {
37 extern KPSEDLL char *kpathsea_version_string;
38 - puts ("dvilj(k) 2.6");
40 puts (kpathsea_version_string);
41 puts ("Copyright (C) 1997 Gustaf Neumann.\n\
42 There is NO warranty. You may redistribute this software\n\
43 @@ -3328,8 +3328,8 @@ Primary author of Dvi2xx: Gustaf Neumann
47 - (void) strcpy(filename, tcp);
48 - if (!strcmp(filename, "-")) {
50 + if (EQ(filename, "-")) {
53 dvifp = BINOPEN("Kbd:");
54 @@ -3339,57 +3339,68 @@ Primary author of Dvi2xx: Gustaf Neumann
55 AssureBinary(fileno(dvifp));
58 + /* Since this code is used only once during startup, we don't care
59 + about free()ing the allocated strings that represent filenames.
60 + It will be more work to realize proper deallocation handling than
61 + it's worth in terms of saving a few bytes. We consider these
62 + bytes actually static memory where we don't know the size in
63 + advance and don't add them to the allocated_storage count.
66 /* split into directory + file name */
68 tcp = (char *)xbasename(argv[argind]);/* this knows about any kind of slashes */
70 + if ( tcplen == 0 ) {
71 + /* This happens when the DVI file name has a trailing slash; this
72 + is not a valid name. Then we terminate the argument parsing
73 + loop, a usage message will be output below. */
76 argvlen = strlen(argv[argind]);
77 if (tcplen == argvlen)
81 - (void) strcpy(curarea, argv[argind]);
82 + curarea = xstrdup(argv[argind]);
83 curarea[argvlen-tcplen] = '\0';
86 tcp = strrchr(argv[argind], '/');
87 /* split into directory + file name */
93 - (void) strcpy(curarea, argv[argind]);
94 + curarea = xstrdup(argv[argind]);
95 curarea[tcp-argv[argind]+1] = '\0';
100 + curname = (char *) xmalloc(strlen(tcp)+5); /* + space for ".dvi" */
101 (void) strcpy(curname, tcp);
102 /* split into file name + extension */
103 - tcp1 = strrchr(tcp, '.');
104 + tcp1 = strrchr(curname, '.');
106 - (void) strcpy(rootname, curname);
107 + rootname = xstrdup(curname);
108 strcat(curname, ".dvi");
111 - (void) strcpy(rootname, curname);
112 + rootname = xstrdup(curname);
116 + filename = (char *) xmalloc(strlen(curarea)+strlen(curname)+1);
117 (void) strcpy(filename, curarea);
118 (void) strcat(filename, curname);
120 if ((dvifp = BINOPEN(filename)) == FPNULL) {
121 /* do not insist on .dvi */
123 - int l = strlen(curname);
125 - curname[l - 4] = '\0';
126 - l = strlen(filename);
128 - filename[l - 4] = '\0';
129 + filename[strlen(filename) - 4] = '\0';
130 + dvifp = BINOPEN(filename);
132 - if (tcp1 != NULL || (dvifp = BINOPEN(filename)) == FPNULL) {
133 + if (dvifp == FPNULL) {
135 Fatal("%s: can't find DVI file \"%s\"\n\n",
136 G_progname, filename);
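Review bot: `filename[strlen(filename) - 4] = '\0';` carries no length guard of its own; it is safe only if it runs after ".dvi" has been appended to `curname`, and the condition that links the two is not among the lines visible here. I would record that dependency next to the statement, e.g. `/* filename ends in the ".dvi" appended above, so it has at least 4 chars */`, or add a defensive `if (strlen(filename) > 4)` in front of it. The enclosing function starts and ends outside this hunk.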
137 @@ -3411,7 +3422,7 @@ Primary author of Dvi2xx: Gustaf Neumann
138 y_goffset = (short) MM_TO_PXL(y_offset) + y_origin;
140 if (dvifp == FPNULL) {
141 - fprintf(ERR_STREAM,"\nThis is the DVI to %s converter version %s",
142 + fprintf(ERR_STREAM,"\nThis is the DVI to %s converter %s",
145 fprintf(ERR_STREAM,", 7bit");
146 @@ -3507,13 +3518,8 @@ Primary author of Dvi2xx: Gustaf Neumann
149 if (EQ(EmitFileName, "")) {
150 - if ((EmitFileName = (char *)malloc( STRSIZE )) != NULL)
151 - allocated_storage += STRSIZE;
153 - Fatal("Can't allocate storage of %d bytes\n",STRSIZE);
154 - (void) strcpy(EmitFileName, curname);
155 - if ((tcp1 = strrchr(EmitFileName, '.')))
157 + EmitFileName = (char *) xmalloc(strlen(rootname)+sizeof(EMITFILE_EXTENSION));
158 + (void) strcpy(EmitFileName, rootname);
159 strcat(EmitFileName, EMITFILE_EXTENSION);
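Review bot: The size passed to `xmalloc` is right only while `EMITFILE_EXTENSION` expands to a string literal, because `sizeof` then counts the extension plus its terminating NUL; if the macro ever names a `char *`, `sizeof` yields the pointer size and the `strcat` below can write past the allocation. A comment on the allocation would pin that down: `/* sizeof counts the NUL; EMITFILE_EXTENSION must stay a string literal */`. The macro's definition is not part of this diff, so its current form is assumed.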
162 @@ -3698,6 +3704,8 @@ bool PFlag;
166 + if ( tmp_dir[0] != '\0' )
167 + rmdir (tmp_dir); /* ignore errors */
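Review bot: The `tmp_dir[0] != '\0'` test assumes a non-empty buffer means the directory was created, but DoSpecial fills `tmp_dir` with the `dviljkXXXXXX` template through `strcpy`/`strcat` before it calls `mkdtemp`. The rest of that failure branch is not visible on this page; unless it resets the buffer, a failed `mkdtemp` leaves the template in place, later specials skip directory creation, and this `rmdir` runs on a path the program never created. Adding `tmp_dir[0] = '\0';` in the `mkdtemp(tmp_dir) == NULL` branch keeps the flag truthful. Note also that `rmdir` removes only an empty directory, so any file still inside at exit leaves the directory behind without a message. The enclosing function continues outside this hunk.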
171 @@ -3895,22 +3903,21 @@ char *str;
175 - char spbuf[STRSIZE], xs[STRSIZE], ys[STRSIZE];
176 - char *sf = NULL, *psfile = NULL;
177 + char xs[STRSIZE], ys[STRSIZE];
178 + char *include_file = NULL;
179 + enum { VerbFile, HPFile, PSFile } file_type;
184 static int GrayScale = 10, Pattern = 1;
185 static bool GrayFill = _TRUE;
186 - static long4 p_x[80], p_y[80];
187 - int llx=0, lly=0, urx=0, ury=0, rwi=0, rhi=0;
191 + static long4 p_x[MAX_SPECIAL_DEFPOINTS], p_y[MAX_SPECIAL_DEFPOINTS];
192 + int llx=0, lly=0, urx=0, ury=0, rwi=0;
196 + for ( i=0 ; i<MAX_SPECIAL_DEFPOINTS ; i++ )
197 + p_x[i] = p_y[i] = -1;
201 @@ -3924,41 +3931,30 @@ int n;
202 /* get all keyword-value pairs */
203 /* for compatibility, single words are taken as file names */
204 if ( k.vt == None && access(k.Key, 0) == 0) {
207 - && !kpse_tex_hush ("special")
210 - Warning("More than one \\special file name given. %s ignored", sf);
211 - (void) strcpy(spbuf, k.Key);
214 - for (j = 1; ((sf[j]=='/' ? sf[j]='\\':sf[j]) != '\0'); j++);
216 - } else if ( GetKeyVal( &k, KeyTab, NKEYS, &i ) && i != -1 )
217 + if ( include_file && !kpse_tex_hush ("special") ) {
218 + Warning("More than one \\special file name given. %s ignored", include_file);
219 + free (include_file);
221 + include_file = xstrdup(k.Key);
222 + file_type = VerbFile;
223 + } else if ( GetKeyVal( &k, KeyTab, NKEYS, &i ) && i != -1 ) {
228 - && !kpse_tex_hush ("special")
231 - Warning("More than one \\special file name given. %s ignored", sf);
232 - (void) strcpy(spbuf, k.Val);
235 - for (j=1; ((sf[j]=='/' ? sf[j]='\\':sf[j]) != '\0'); j++);
237 + if ( include_file ) {
238 + Warning("More than one \\special file name given. %s ignored", include_file);
239 + free(include_file);
241 + include_file = xstrdup(k.Val);
242 + file_type = PSFile;
247 - Warning("More than one \\special file name given. %s ignored", sf);
248 - (void) strcpy(spbuf, k.Val);
251 - for (j=1; ((sf[j]=='/' ? sf[j]='\\':sf[j]) != '\0'); j++);
253 + if ( include_file && !kpse_tex_hush ("special") ) {
254 + Warning("More than one \\special file name given. %s ignored", include_file);
255 + free(include_file);
257 + include_file = xstrdup(k.Val);
258 + file_type = HPFile;
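Review bot: The three "More than one \special file name" branches disagree on when the previous name is released: the `VerbFile` and `HPFile` branches test `include_file && !kpse_tex_hush ("special")`, so with warnings hushed the old string appears to be overwritten by `xstrdup` without being freed, while the `PSFile` branch tests only `include_file`. The closing braces are not visible here, so this is read from the order of the lines. I would make the release unconditional in all three places: `if ( include_file ) { if ( !kpse_tex_hush ("special") ) Warning(...); free (include_file); }`.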
262 @@ -3978,23 +3974,24 @@ int n;
267 - if (!kpse_tex_hush ("special"))
269 Warning( "Invalid orientation (%d)given; ignored.", k.v.i);
273 - (void) strcpy(spbuf, k.Val);
276 + for ( i=0 ; i<MAX_SPECIAL_DEFPOINTS ; i++ )
277 + p_x[i] = p_y[i] = -1;
281 - (void) strcpy(spbuf, k.Val);
282 - i = sscanf(spbuf,"%d(%[^,],%s)",&j,xs,ys);
283 + /* 254 is STRSIZE-1. cpp should be used to construct that number. */
284 + i = sscanf(k.Val,"%d(%254[^,],%254s)",&j,xs,ys);
287 + if ( j < 0 || j >= MAX_SPECIAL_DEFPOINTS ) {
288 + Warning ("defpoint %d ignored, must be between 0 and %d",
289 + j, MAX_SPECIAL_DEFPOINTS);
295 if (sscanf(xs,"%fpt",&x)>0) {
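Review bot: The field width `254` in `"%d(%254[^,],%254s)"` is tied to `STRSIZE` only by the comment, so a later change to `STRSIZE` would silently bring back the overflow of `xs`/`ys`; the fill hunk that follows uses the same literal in `"%d/%d %254s"`. Either build the width by preprocessor stringification, as the comment already suggests, or pin the assumption at compile time with something like `typedef char strsize_is_255[(STRSIZE == 255) ? 1 : -1];`. The range Warnings in both hunks print `MAX_SPECIAL_DEFPOINTS` as the upper bound although the largest accepted index is one less; passing `MAX_SPECIAL_DEFPOINTS - 1` makes the message match the check.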
296 @@ -4011,19 +4008,32 @@ int n;
301 - if (!kpse_tex_hush ("special"))
303 Warning("invalid point definition\n");
309 - (void) strcpy(spbuf, k.Val);
310 - i = sscanf(spbuf,"%d/%d %s",&j,&j1,xs);
311 + /* 254 is STRSIZE-1. cpp should be used to construct that number. */
312 + i = sscanf(k.Val,"%d/%d %254s",&j,&j1,xs);
315 + if ( j < 0 || j >= MAX_SPECIAL_DEFPOINTS ) {
316 + Warning ("fill ignored, point %d must be between 0 and %d",
317 + j, MAX_SPECIAL_DEFPOINTS);
320 + if ( p_x[j] == -1 ) {
321 + Warning ("fill ignored, point %d is undefined\n", j);
324 + if ( j1 < 0 || j1 >= MAX_SPECIAL_DEFPOINTS ) {
325 + Warning ("fill ignored, point %d must be between 0 and %d",
326 + j1, MAX_SPECIAL_DEFPOINTS);
329 + if ( p_x[j1] == -1 ) {
330 + Warning ("fill ignored, point %d is undefined\n", j1);
333 SetPosn(p_x[j], p_y[j]);
334 x_pos = (long4)PIXROUND(p_x[j1]-p_x[j], hconv);
335 y_pos = (long4)PIXROUND(p_y[j1]-p_y[j], vconv);
336 @@ -4044,9 +4054,6 @@ int n;
341 - if (!kpse_tex_hush ("special"))
343 Warning( "Invalid gray scale (%d) given; ignored.", k.v.i);
346 @@ -4055,9 +4062,6 @@ int n;
351 - if (!kpse_tex_hush ("special"))
353 Warning( "Invalid pattern (%d) given; ignored.", k.v.i);
356 @@ -4066,75 +4070,123 @@ int n;
357 case URX: urx = k.v.i; break;
358 case URY: ury = k.v.i; break;
359 case RWI: rwi = k.v.i; break;
360 - case RHI: rhi = k.v.i; break;
362 + if (!kpse_tex_hush ("special"))
363 + Warning("Whatever rhi was good for once, it is ignored now.");
368 - if (!kpse_tex_hush ("special"))
370 + if ( !kpse_tex_hush ("special") )
371 Warning("Can't handle %s=%s command; ignored.", k.Key, k.Val);
377 - if (!kpse_tex_hush ("special"))
380 + } else if (!kpse_tex_hush ("special")) {
381 Warning("Invalid keyword or value in \\special - <%s> ignored", k.Key);
385 + if ( k.Val != NULL ) free(k.Val);
388 - if ( sf || psfile ) {
389 + if ( include_file ) {
390 last_rx = last_ry = UNKNOWN;
404 + if ( file_type == PSFile) {
405 /* int height = rwi * (urx - llx) / (ury - lly);*/
406 int width = urx - llx;
407 int height = ury - lly;
409 - int scale_factor = 3000 * width / rwi;
410 - int adjusted_height = height * 300/scale_factor;
411 - int adjusted_llx = llx * 300/scale_factor;
412 + char *cmd_format = "%s -q -dSIMPLE -dSAFER -dNOPAUSE -sDEVICE=%s -sOutputFile=%s %s %s showpage.ps -c quit";
414 + int scale_factor, adjusted_height, adjusted_llx;
415 char *printer = "ljetplus"; /* use the most stupid one */
418 - char scale_file_name[255];
419 - char *scale_file = tmpnam(scale_file_name);
420 - char *pcl_file = tmpnam(NULL);
421 + char pcl_file[STRSIZE];
422 + char scale_file[STRSIZE];
425 - if ( (scalef = BOUTOPEN(scale_file)) == FPNULL ) {
426 - Warning("Unable to open file %s for writing", scale_file );
429 - fprintf(scalef, "%.2f %.2f scale\n%d %d translate\n",
430 - 300.0/scale_factor, 300.0/scale_factor,
431 - 0, adjusted_height == height ? 0 : ury);
433 + if ( urx == 0 || ury == 0 || rwi == 0 ) {
434 + /* Since dvips' psfile special has a different syntax, this might
435 + well be one of those specials, i.e., a non-dviljk special. Then
436 + the Warning should be suppressable. */
437 + if ( !kpse_tex_hush ("special") )
438 + Warning ("Ignoring psfile special without urx, ury and rwi attributes");
439 + free (include_file);
442 + scale_factor = 3000 * width / rwi;
443 + adjusted_height = height * 300/scale_factor;
444 + adjusted_llx = llx * 300/scale_factor;
446 + /* We cannot use mkstemp, as we cannot pass two open file descriptors
447 + portably to Ghostscript. We don't want to use tmpnam() or tempnam()
448 + either, as they have tempfile creation race conditions. Instead we
449 + create a temporary directory with mkdtemp() -- if that's available.
450 + If not, we are thrown back to tempnam(), to get our functionality
451 + at all. We need to create the temporary directory only once per
452 + run; it will be deleted in AllDone(). */
453 + if ( tmp_dir[0] == '\0' ) {
455 + if ( (base_dir = getenv("TMPDIR")) == NULL ) {
457 + } else if ( strlen(base_dir) > STRSIZE - sizeof("/dviljkXXXXXX/include.pcl") ) {
458 + Warning ("TMPDIR %s is too long, using /tmp instead", base_dir);
461 + if ( base_dir[0] == '/' && base_dir[1] == '\0' ) {
462 + Warning ("Feeling naughty, do we? / is no temporary directory, dude");
465 + strcpy (tmp_dir, base_dir);
466 + strcat (tmp_dir, "/dviljkXXXXXX");
467 + if ( mkdtemp(tmp_dir) == NULL ) {
468 + Warning ("Could not create temporary directory %s, errno = %d; ignoring include file special",
473 + strcpy(pcl_file, tmp_dir);
474 + strcat(pcl_file, "/include.pcl");
475 + strcpy(scale_file, tmp_dir);
476 + strcat(scale_file, "/scale.ps");
478 + if ( (scalef = BOUTOPEN(scale_file)) == FPNULL ) {
479 + Warning("Unable to open file %s for writing", scale_file );
480 + free (include_file);
481 + unlink(scale_file); /* ignore error */
484 + fprintf(scalef, "%.2f %.2f scale\n%d %d translate\n",
485 + 300.0/scale_factor, 300.0/scale_factor,
486 + 0, adjusted_height == height ? 0 : ury);
490 - gs_path = getenv("GS_PATH");
492 - gs_path = "gswin32c.exe";
493 - sprintf(cmd,"%s -q -dSIMPLE -dSAFER -dNOPAUSE -sDEVICE=%s -sOutputFile=%s %s %s showpage.ps -c quit",
494 - gs_path, printer, pcl_file, scale_file, psfile);
495 + if ( (gs_cmd = getenv("GS_PATH")) == NULL )
496 + gs_cmd = "gswin32c.exe";
498 - sprintf(cmd,"gs -q -dSIMPLE -dSAFER -dNOPAUSE -sDEVICE=%s -sOutputFile=%s %s %s showpage.ps -c quit",
499 - printer, pcl_file, scale_file, psfile);
502 + if ( strlen(cmd_format)-10 + strlen(gs_cmd) + strlen(printer) +
503 + strlen(pcl_file) + strlen(scale_file) + strlen(include_file) +1 >
505 + Warning ("Ghostscript command for %s would be too long, skipping special", include_file);
506 + free (include_file);
507 + unlink(scale_file); /* ignore errors */
511 + sprintf(cmd, cmd_format,
512 + gs_cmd, printer, pcl_file, scale_file, include_file);
515 "PS-file '%s' w=%d, h=%d, urx=%d, ury=%d, llx=%d, lly=%d, rwi=%d\n",
516 - psfile, urx - llx, height, urx,ury,llx,lly, rwi);
517 + include_file, urx - llx, height, urx,ury,llx,lly, rwi);
518 fprintf(stderr,"%s\n",cmd);
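Review bot: `include_file` is taken from the \special text and formatted into `cmd` through a bare `%s` in `cmd_format`; the new length check bounds the buffer but does nothing about spaces, a leading `-`, or shell metacharacters in the name. The call that runs `cmd` is outside the visible lines, so this is inferred: if it goes through a shell, validate the name before building the command (skip the special with a Warning unless every character is alphanumeric or one of `._/-` and the name does not start with `-`), or start Ghostscript with an argument vector instead of a command string. Separately, `scale_factor = 3000 * width / rwi` is 0 whenever `urx == llx` or `3000 * width` is smaller than `rwi`, and the next two lines divide by it; the `urx == 0 || ury == 0 || rwi == 0` guard does not cover that. A check such as `if ( scale_factor == 0 )` right after the assignment, handled the same way as the preceding guard (free `include_file` and skip the special), closes it.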
521 @@ -4158,11 +4210,21 @@ int n;
524 CopyHPFile( pcl_file );
525 - /* unlink(pcl_file); */
526 - /* unlink(scale_file); */
529 + unlink(scale_file); /* ignore errors */
535 + if ( file_type == HPFile )
536 + CopyHPFile( include_file );
537 + else if ( file_type == VerbFile )
538 + CopyFile( include_file );
540 + Warning ("This can't happen: unknown file_type value %d", file_type);
542 + if ( include_file != NULL ) free(include_file);
546 @@ -4173,12 +4235,11 @@ int n;
547 /**********************************************************************/
548 /***************************** GetKeyStr ****************************/
549 /**********************************************************************/
550 -/* extract first keyword-value pair from string (value part may be null)
551 - * return pointer to remainder of string
552 - * return NULL if none found
553 +/* Extract first keyword-value pair from string (value part may be null),
554 + * keyword and value are allocated and must be free by caller.
555 + * Return pointer to remainder of string,
556 + * return NULL if none found.
558 -char KeyStr[STRSIZE];
559 -char ValStr[STRSIZE];
560 #if NeedFunctionPrototypes
561 char *GetKeyStr(char *str, KeyWord *kw )
563 @@ -4187,39 +4248,46 @@ char *str;
567 - char *s, *k, *v, t;
569 + char save_char, quote_char;
572 for (s = str; *s == ' '; s++)
573 ; /* skip over blanks */
576 - for (k = KeyStr; /* extract keyword portion */
577 - *s != ' ' && *s != '\0' && *s != '=';
582 - kw->Val = v = NULL;
583 + start = s++; /* start of keyword */
584 + while ( *s != ' ' && *s != '\0' && *s != '=' ) /* locate end */
588 + kw->Key = xstrdup(start);
591 - for ( ; *s == ' '; s++)
592 - ; /* skip over blanks */
593 - if ( *s != '=' ) /* look for "=" */
594 + if ( save_char == '\0' ) /* shortcut when we're at the end */
596 + *s = save_char; /* restore keyword end char */
597 + while ( *s == ' ' ) s++ ; /* skip over blanks */
598 + if ( *s != '=' ) /* no "=" means no value */
600 - for (s++; *s == ' '; s++); /* skip over blanks */
601 - if ( *s == '\'' || *s == '\"' ) /* get string delimiter */
603 + for (s++; *s == ' '; s++)
604 + ; /* skip over blanks */
605 + if ( *s == '\'' || *s == '\"' ) /* get string delimiter */
609 - for (v = ValStr; /* copy value portion up to delim */
610 - *s != t && *s != '\0';
613 - if ( t != ' ' && *s == t )
618 + start = s; /* no increment, might be "" as value */
619 + while ( *s != quote_char && *s != '\0' )
620 + s++; /* locate end of value portion */
623 + kw->Val = xstrdup(start);
625 + if ( save_char != '\0' ) { /* save_char is now quote_char */
627 + if ( quote_char != ' ' ) /* we had real quote chars */
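Review bot: The rewritten parser delimits the keyword by writing into the caller's buffer and putting the byte back afterwards (`*s = save_char; /* restore keyword end char */`), so `str` must point to writable memory and must not be read elsewhere while the function runs. The header comment added in the preceding hunk documents that `Key` and `Val` are now allocated, but not this requirement; I would add a line such as `* NOTE: str is written to during parsing, so it must be writable.` Whether the terminator written for the value is restored on every path cannot be confirmed from the lines visible here. In the same comment, "must be free by caller" should read "must be freed by the caller".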
633 @@ -4819,13 +4887,14 @@ struct font_entry *fontptr;
634 the resident fonts. */
635 if (tfm_read_info(fontptr->n, &tfm_info)
636 && tfm_info.family[0]
637 - && strcmp((char *)tfm_info.family, "HPAUTOTFM") == 0) {
638 + && EQ((char *)tfm_info.family, "HPAUTOTFM")) {
640 double factor = fontptr->s / (double)0x100000;
643 fontptr->resident_p = _TRUE;
644 - strcpy(fontptr->symbol_set, (char *)tfm_info.coding_scheme);
645 + strncpy(fontptr->symbol_set, (char *)tfm_info.coding_scheme, 39);
646 + fontptr->symbol_set[39] = '\0';
647 fontptr->resid = tfm_info.typeface_id;
648 fontptr->spacing = tfm_info.spacing;
649 fontptr->style = tfm_info.style;
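Review bot: The bound `39` and the index in `fontptr->symbol_set[39] = '\0';` are bare literals; they are correct only if `symbol_set` is declared with at least 40 elements, and that declaration is not part of this diff. Deriving both from the array keeps the copy and the terminator in step with the declaration: `strncpy(fontptr->symbol_set, (char *)tfm_info.coding_scheme, sizeof(fontptr->symbol_set) - 1);` followed by `fontptr->symbol_set[sizeof(fontptr->symbol_set) - 1] = '\0';`. That form assumes `symbol_set` is an array member and not a pointer.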
650 @@ -4878,7 +4947,7 @@ struct font_entry *fontptr;
651 fontptr->resident_p = _FALSE;
653 if (tfm_info.family[0]
654 - && strcmp((char *)tfm_info.family, "UNSPECIFIED") == 0) {
655 + && EQ((char *)tfm_info.family, "UNSPECIFIED")) {
656 Warning("font family for %s is UNSPECIFIED; need to run dvicopy?",
658 fontptr->font_file_id = NO_FILE;
659 @@ -5031,10 +5100,9 @@ printf("[%ld]=%lf * %lf * %lf + 0.5 = %l
660 if (tfontptr->resident_p)
663 - if (!(resident_font_located)) {
664 + if (!(resident_font_located))
669 kpse_glyph_file_type font_ret;
671 @@ -5047,9 +5115,9 @@ printf("[%ld]=%lf * %lf * %lf + 0.5 = %l
675 - strcpy (tfontptr->name, name);
678 + tfontptr->name = name;
679 + allocated_storage += strlen(name)+1;
681 if (!FILESTRCASEEQ (tfontptr->n, font_ret.name)) {
683 "dvilj: Font %s not found, using %s at %d instead.\n",
684 @@ -5071,29 +5139,6 @@ printf("[%ld]=%lf * %lf * %lf + 0.5 = %l
688 -#else /* not KPATHSEA */
689 - if (!(findfile(PXLpath,
691 - tfontptr->font_mag,
695 - Warning(tfontptr->name); /* contains error messsage */
696 - tfontptr->font_file_id = NO_FILE;
698 - MakeMetafontFile(PXLpath, tfontptr->n, tfontptr->font_mag);
702 - font_found = _TRUE;
704 - fprintf(ERR_STREAM,"%d: using font <%s>\n", plusid, tfontptr->name);
706 -#endif /* not KPATHSEA */
708 -#ifdef LJ_RESIDENT_FONTS
712 tfontptr->plusid = plusid;
714 diff -U0 tetex-src-3.0/texk/dviljk/ChangeLog.dviljktemp tetex-src-3.0/texk/dviljk/ChangeLog
715 --- tetex-src-3.0/texk/dviljk/ChangeLog.dviljktemp 1998-03-03 11:17:39.000000000 +0100
716 +++ tetex-src-3.0/texk/dviljk/ChangeLog 2007-11-13 14:59:19.000000000 +0100
718 +2007-07-02 Joachim Schrod <jschrod@acm.org>
720 + * dvi2xx.c (DoSpecial): Security issue: usage of tmpnam() caused
721 + tempfile race condition. I use mkdtemp() if it's available and
722 + fall back to tmpnam.
724 + Special parsing of include files was inconsistent, unify it. The
725 + current parsing code still allows lots of non-sensical special
726 + commands, but at least it doesn't access unrelated variables any
729 +2007-06-28 Joachim Schrod <jschrod@acm.org>
731 + * dvi2xx.c: Fixed a whole bunch of buffer overflows: The program
732 + did not check memory bounds for any string operation. All places
733 + where strings are copied with strcpy are replaced by dynamically
734 + allocated strings (with xstrdup from kpathsea) or bounded string
735 + operations. Fixed also manual string copy operations on special
736 + strings. Fixed array buffer overflow in defpoint and fill special
738 + (DoSpecial): Call of ghostscript for psfile special had also a
739 + potential buffer overflow caused by unchecked usage of sprintf.
740 + Fix core dump: Check if all required parameters of psfile special
743 + Bumped version number up to 2.6p3.
745 + * dvi2xx.h: Some fixed sized string arrays are pointers now, they
746 + get dynamically allocated.
747 + (GetBytes): Another buffer overflow: Check that the buffer size is
748 + sufficient to store the read bytes. That relies on the invariant
749 + that the GetBytes macro is always called with an array as argument
750 + and not with a pointer.
752 + * config.h: Throw an error if kpathsea is not used. dvi2xx.c
753 + had previously already kpathsea dependencies without protecting
754 + them with #if KPATHSEA. We go that road further since upstream
755 + does not exist any more.
757 diff -up tetex-src-3.0/texk/dviljk/configure.dviljktemp tetex-src-3.0/texk/dviljk/configure
758 diff -up tetex-src-3.0/texk/dviljk/configure.in.dviljktemp tetex-src-3.0/texk/dviljk/configure.in
759 --- tetex-src-3.0/texk/dviljk/configure.in.dviljktemp 1999-02-08 22:42:01.000000000 +0100
760 +++ tetex-src-3.0/texk/dviljk/configure.in 2007-11-13 14:55:04.000000000 +0100
761 @@ -13,6 +13,7 @@ sinclude(../kpathsea/withenable.ac)
762 dnl These tests prevent reliable cross-compilation. Sigh.
764 AC_CHECK_SIZEOF(long)
765 +AC_CHECK_FUNCS(rmdir unlink mkdtemp)
768 dnl Update stamp-auto, since we just remade `c-auto.h'.
769 diff -up tetex-src-3.0/texk/dviljk/dvi2xx.h.dviljktemp tetex-src-3.0/texk/dviljk/dvi2xx.h
770 --- tetex-src-3.0/texk/dviljk/dvi2xx.h.dviljktemp 1999-03-16 08:03:33.000000000 +0100
771 +++ tetex-src-3.0/texk/dviljk/dvi2xx.h 2007-11-13 14:53:45.000000000 +0100
775 #include <kpathsea/config.h>
776 +#include <kpathsea/c-std.h>
777 #include <kpathsea/c-limits.h>
778 -#include <kpathsea/c-memstr.h>
779 #include <kpathsea/magstep.h>
780 #include <kpathsea/proginit.h>
781 #include <kpathsea/progname.h>
792 #include <dos.h> /* only for binaryopen on device */
794 -#if defined (unix) && !defined (KPATHSEA)
801 #define HUGE_SIZE (unsigned char) 2
802 #define HUGE_CHAR_PATTERN 32767l
803 #define BYTES_PER_PIXEL_LINE 500 /* max number of bytes per pixel line */
804 +#define MAX_SPECIAL_DEFPOINTS 80 /* max number of defpoint specials */
808 @@ -281,7 +280,14 @@ char *MFMODE = MFMODE600;
809 #define VisChar(c) (unsigned char)(c)
812 -#define GetBytes(fp,buf,n) read_multi(buf,1,n,fp) /* used to be a function */
813 +/* Used to be a function. buf is always an array, never a pointer.
814 + Without that invariant, we would have to introduce full dynamic
815 + memory management in this driver -- probably it would be easier to
816 + write a new one. [27 Jun 07 -js] */
817 +#define GetBytes(fp,buf,n) \
818 + ( sizeof(buf) != sizeof(void *) && sizeof(buf) > n ? \
819 + read_multi(buf, 1, n, fp) \
820 + : Fatal("Try to read %d bytes in an array of size %d", n, sizeof(buf)) )
823 /**********************************************************************/
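Review bot: In the new `GetBytes` macro the `Fatal` call prints `sizeof(buf)` with `%d`; `sizeof` yields a `size_t`, so on platforms where `size_t` is wider than `int` the format and the argument do not match. Casting both arguments fixes it: `Fatal("Try to read %d bytes in an array of size %d", (int)(n), (int) sizeof(buf))`. The `sizeof(buf) != sizeof(void *)` test is a heuristic for "not a pointer" and also rejects a real array whose size happens to equal the pointer size, which deserves a sentence in the comment above the macro. `n` is used unparenthesized in `sizeof(buf) > n`; write `(n)` in the expansion.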
824 @@ -307,6 +313,7 @@ int printf();
830 unsigned int strlen();
832 @@ -393,7 +400,7 @@ struct font_entry { /* font entry */
833 char n[STRSIZE]; /* FNT_DEF command parameters */
834 long4 font_mag; /* computed from FNT_DEF s and d parameters */
835 /*char psname[STRSIZE];*/ /* PostScript name of the font */
836 - char name[STRSIZE]; /* full name of PXL file */
837 + char *name; /* full name of PXL file */
838 FILEPTR font_file_id; /* file identifier (NO_FILE if none) */
840 long4 magnification; /* magnification read from PXL file */
841 @@ -487,8 +494,8 @@ void LoadAChar DVIPROTO((long4, regis
842 long4 NoSignExtend DVIPROTO((FILEPTR, int));
843 void OpenFontFile DVIPROTO((void));
844 long4 PixRound DVIPROTO((long4, long4));
845 -void PkRaster DVIPROTO((struct char_entry *, int));
846 -void RasterLine DVIPROTO((struct char_entry *, unsigned int,
847 +void PkRaster DVIPROTO((struct char_entry *, int));
848 +void RasterLine DVIPROTO((struct char_entry *, unsigned int,
849 unsigned int, unsigned char *));
850 void RasterChar DVIPROTO((struct char_entry *));
851 void ReadFontDef DVIPROTO((long4));
852 @@ -534,11 +541,12 @@ bool LastPageSpecified = _FALSE;
854 char *PXLpath = FONTAREA;
856 -char G_progname[STRSIZE]; /* program name */
857 -char filename[STRSIZE]; /* DVI file name */
858 -char rootname[STRSIZE]; /* DVI filename without extension */
859 +char *G_progname; /* program name */
860 +char *filename; /* DVI file name */
861 +char *rootname; /* DVI filename without extension */
862 char *HeaderFileName = ""; /* file name & path of Headerfile */
863 char *EmitFileName = ""; /* file name & path for output */
864 +char tmp_dir[STRSIZE] = ""; /* temporary directory for auxilliary files */
866 bool FirstAlternate = _FALSE; /* first page from alternate casette ? */
868 diff -up tetex-src-3.0/texk/dviljk/c-auto.in.dviljktemp tetex-src-3.0/texk/dviljk/c-auto.in
869 --- tetex-src-3.0/texk/dviljk/c-auto.in.dviljktemp 1999-03-23 23:40:08.000000000 +0100
870 +++ tetex-src-3.0/texk/dviljk/c-auto.in 2007-11-13 14:53:45.000000000 +0100
872 -/* c-auto.in. Generated automatically from configure.in by autoheader. */
873 +/* c-auto.in. Generated from configure.in by autoheader. */
874 +/* acconfig.h -- used by autoheader when generating c-auto.in.
876 -/* Define if type char is unsigned and you are not using gcc. */
877 -#ifndef __CHAR_UNSIGNED__
878 -#undef __CHAR_UNSIGNED__
880 + If you're thinking of editing acconfig.h to fix a configuration
881 + problem, don't. Edit the c-auto.h file created by configure,
882 + instead. Even better, fix configure to give the right answer. */
884 +/* Define to 1 if you have the `mkdtemp' function. */
887 +/* Define to 1 if you have the `rmdir' function. */
890 -/* The number of bytes in a long. */
891 +/* Define to 1 if you have the `unlink' function. */
894 +/* The size of a `long', as computed by sizeof. */
897 +/* Define to 1 if type `char' is unsigned and you are not using gcc. */
898 +#ifndef __CHAR_UNSIGNED__
899 +# undef __CHAR_UNSIGNED__
901 diff -up tetex-src-3.0/texk/dviljk/config.h.dviljktemp tetex-src-3.0/texk/dviljk/config.h
902 --- tetex-src-3.0/texk/dviljk/config.h.dviljktemp 2002-01-03 17:40:25.000000000 +0100
903 +++ tetex-src-3.0/texk/dviljk/config.h 2007-11-13 14:53:45.000000000 +0100
904 @@ -216,12 +216,7 @@ typedef SCHAR_TYPE signed_char;
908 -extern bool findfile(
909 -#if NeedFunctionPrototypes
910 -char path[], char n[], long4 fontmag, char name[],
911 - bool tfm, int level
914 +#error "Would need changed findfile, dviljk has changed allocation semantic of name member in tfontptr"
918 @@ -444,3 +439,24 @@ typedef FILE *FILEPTR;
919 /* If we have neither, should fall back to fprintf with fixed args. */
923 +/* If unlink and rmdir are not there, we don't delete the temporary files. */
928 +#define unlink(file)
931 +/* If mkdtemp() does not exist, we have to use tmpnam(). */
932 +#ifndef HAVE_MKDTEMP
933 +#define mkdtemp(dir) (tmpnam(dir) ? \
934 + ( mkdir(dir, 0700) == -1 ? NULL : dir ) : \
935 + ( errno = EINVAL, NULL ) )
939 +/* FIXME: Should provide a strdup function. But currently this tree is
940 + only used in connection with kpathsea anyhow. */
941 +#error "Need xstrdup and xmalloc function, e.g. from kpathsea"
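Review bot: The fallback `mkdtemp` macro calls `tmpnam(dir)`, which writes a name of its own choosing into the caller's buffer, so the TMPDIR-based template that DoSpecial builds is discarded on platforms without `mkdtemp`; the comment above the macro should say so. `mkdir(dir, 0700)` fails when the name already exists, which avoids reusing a pre-created path, but there is no retry and the special is then skipped. I would extend the comment to something like `/* Fallback: tmpnam() picks the name and ignores the template in dir; mkdir() fails if the name already exists. */`. The macro also evaluates `dir` three times and relies on `errno`, `EINVAL` and `mkdir` being declared by headers that are not visible in this hunk.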