[tex-k] [TeX-Live/texlive-source] add a conditional statement to avoid fread size too big to coredump (PR #63)

Norbert Preining norbert at preining.info
Tue Jan 16 09:48:35 CET 2024


Hi Liao,

thanks for the PR, but we are not really developing here at GH, it is
only a mirror.

I put the tex-k mailing list into cc so that someone can take a look
there.

Best regards

Norbert

On Mon, 15 Jan 2024, Liao Yonglin wrote:
> The function `ttfLoadHDMX` uses the parsed hdmx size to allocate a Width heap buffer, copies content from the file, and the copy size is determined by numGlyphs. There is no validation of the actual memory size before storing it. Due to the controllable content and size, this could potentially lead to a heap overflow and result in arbitrary code execution.
> You can view, comment on, or merge this pull request online at:
> 
>   https://github.com/TeX-Live/texlive-source/pull/63
> 
> -- Commit Summary --
> 
>   * add a conditional statement to avoid fread size too big to coredump
> 
> -- File Changes --
> 
>     M texk/ttfdump/libttf/hdmx.c (6)
> 
> -- Patch Links --
> 
> https://github.com/TeX-Live/texlive-source/pull/63.patch
> https://github.com/TeX-Live/texlive-source/pull/63.diff

--
PREINING Norbert                              https://www.preining.info
Mercari Inc.     +     IFMGA Guide     +     TU Wien     +     TeX Live
GPG: 0x860CDC13   fp: F7D8 A928 26E3 16A1 9FA0 ACF0 6CAC A448 860C DC13
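
An added example, not part of the original message and not the ttfdump code: the mismatch described in the quoted pull request (a buffer sized from one file field, a copy length taken from another), with the missing check in place. The function names, status codes and sample file are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical loader, not the ttfdump source; both sizes are file-controlled. */
enum load_status { LOAD_OK, LOAD_BAD_SIZE, LOAD_NO_MEM, LOAD_SHORT_READ };

static enum load_status load_widths(FILE *fp, uint32_t record_size,
                                    uint16_t num_glyphs, uint8_t **out)
{
    size_t want = num_glyphs;          /* bytes the copy will write */
    uint8_t *buf;
    *out = NULL;
    /* The copy length must fit in the buffer the size field produced. */
    if (record_size == 0 || want > record_size)
        return LOAD_BAD_SIZE;
    buf = calloc(record_size, 1);
    if (buf == NULL)
        return LOAD_NO_MEM;
    /* A truncated file is an error, not a half-filled record. */
    if (fread(buf, 1, want, fp) != want) {
        free(buf);
        return LOAD_SHORT_READ;
    }
    *out = buf;
    return LOAD_OK;
}

/* Constructed sample input: a temporary file holding n bytes of 0x07. */
static FILE *make_sample(size_t n)
{
    FILE *fp = tmpfile();
    for (size_t i = 0; fp != NULL && i < n; i++)
        fputc(0x07, fp);
    if (fp != NULL)
        rewind(fp);
    return fp;
}

int main(void)
{
    uint8_t *w = NULL;
    FILE *fp = make_sample(16);
    if (fp == NULL) return 1;
    /* Rejected before any read happens, so no rewind is needed in between. */
    printf("size=8  glyphs=16 -> %d\n", (int)load_widths(fp, 8, 16, &w));
    printf("size=16 glyphs=16 -> %d\n", (int)load_widths(fp, 16, 16, &w));
    free(w);
    fclose(fp);
    return 0;
}
```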

