uncommitted - pcf2bdf
Summary
Import uploads missing from VCS:Diff
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..cf51a41
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,9 @@
+*.bdf
+*.orig
+*.pcf
+*.rej
+*~
+.DS_Store
+pcf2bdf
+pcf2bdf.exe
+pcf2bdf.o
diff --git a/.pc/.quilt_patches b/.pc/.quilt_patches
new file mode 100644
index 0000000..6857a8d
--- /dev/null
+++ b/.pc/.quilt_patches
@@ -0,0 +1 @@
+debian/patches
diff --git a/.pc/.quilt_series b/.pc/.quilt_series
new file mode 100644
index 0000000..c206706
--- /dev/null
+++ b/.pc/.quilt_series
@@ -0,0 +1 @@
+series
diff --git a/.pc/.version b/.pc/.version
new file mode 100644
index 0000000..0cfbf08
--- /dev/null
+++ b/.pc/.version
@@ -0,0 +1 @@
+2
diff --git a/.pc/applied-patches b/.pc/applied-patches
new file mode 100644
index 0000000..e69de29
diff --git a/Makefile.gcc b/Makefile.gcc
index 28da573..fcabccd 100644
--- a/Makefile.gcc
+++ b/Makefile.gcc
@@ -20,3 +20,11 @@ install: all
$(INSTALL_PROGRAM) pcf2bdf $(DESTDIR)$(BINPATH)
$(INSTALL_DIR) $(DESTDIR)$(MANPATH)
$(INSTALL_DATA) pcf2bdf.man $(DESTDIR)$(MANPATH)/pcf2bdf.1
+
+test: pcf2bdf
+ for i in /usr/share/fonts/X11/misc/*.pcf*; do \
+ ./pcf2bdf -v $$i > /dev/null 2>&1 || (echo test failed: $$i; exit 1) ;\
+ done
+ for i in tests/error_samples/*; do \
+ ( ./pcf2bdf -v $$i > /dev/null 2>&1 && (echo test failed: $$i; exit 1) || exit 0) ;\
+ done
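Review bot: Neither loop in the new `test` target reliably fails the build. In the first loop `(echo ...; exit 1)` only leaves the subshell, so the recipe's status is that of the last font tried. In the second loop `A && (...; exit 1) || exit 0` falls through to `exit 0` when the inner subshell returns 1, so an error sample that converts successfully still passes. The second loop also accepts any non-zero status as the expected rejection, so a crash on `segfault_deadly_signal` (killed by a signal, status above 128) would count as a pass and the regression these samples guard against would go unnoticed. Comparing against the tool's own error status would fix both, for example `./pcf2bdf -v "$$i" >/dev/null 2>&1; [ $$? -eq 1 ] || { echo "test failed: $$i"; exit 1; }`, assuming every rejection path exits with 1 as `check_int32_min` does; the first loop needs the same `{ ...; }` grouping in place of the parentheses.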
diff --git a/README.txt b/README.txt
index d5cf61e..00fe84f 100644
--- a/README.txt
+++ b/README.txt
@@ -65,6 +65,13 @@ COPYRIGHT
HISTORY
+ 1.07 2022/02/23
+
+ - CVE-2022-23318
+ Fixed: heap buffer overflow on invalid intput pcf.
+ - CVE-2022-23319
+ Fixed: segmentation fault on invalid intput pcf.
+
1.06 2019/08/27
- Fixed: too-long-path-to-input.pcf.gz causes stack-based buffer
diff --git a/debian/changelog b/debian/changelog
index d683daf..ec54d9b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,22 @@
+pcf2bdf (1.07-1) unstable; urgency=medium
+
+ [ upstream ]
+ * new release
+ + fix segmentation fault on invalid intput pcf
+ CVE-2022-23319
+ + fix heap buffer overflow on invalid intput pcf
+ CVE-2022-23318
+
+ [ Jonas Smedegaard ]
+ * update git-buildpackage config:
+ + use DEP-14 branch names debian/latest upstream/latest
+ (not master upstream)
+ + add usage comment
+ * update source helper script copyright-check
+ * build-depend on xfonts-base
+
+ -- Jonas Smedegaard <dr@jones.dk> Sat, 26 Feb 2022 11:10:10 +0100
+
pcf2bdf (1.06-4) unstable; urgency=medium
* update watch file:
diff --git a/debian/control b/debian/control
index d7ce4f7..c290eb8 100644
--- a/debian/control
+++ b/debian/control
@@ -6,6 +6,7 @@ Uploaders:
Jonas Smedegaard <dr@jones.dk>,
Build-Depends:
debhelper-compat (= 13),
+ xfonts-base <!nocheck>,
Standards-Version: 4.6.0
Homepage: https://github.com/ganaware/pcf2bdf
Vcs-Git: https://salsa.debian.org/fonts-team/pcf2bdf.git
diff --git a/debian/copyright-check b/debian/copyright-check
index b7ac352..27e6528 100755
--- a/debian/copyright-check
+++ b/debian/copyright-check
@@ -1,3 +1,3 @@
#!/bin/sh
-licensecheck --check '.*' --recursive --copyright --deb-machine --ignore '^(debian/(changelog|copyright(_hints)?))$' --lines 0 -- * > debian/copyright_hints
+licensecheck --check '.*' --recursive --copyright --deb-machine --ignore '^(tests/error_samples/.*|debian/(changelog|copyright(_hints)?))$' --lines 0 -- * > debian/copyright_hints
diff --git a/debian/gbp.conf b/debian/gbp.conf
index 2a594ca..10e7015 100644
--- a/debian/gbp.conf
+++ b/debian/gbp.conf
@@ -1,6 +1,14 @@
-# Configuration file for git-buildpackage and friends
+# clone this source: gbp clone $PKG_GIT_URL
+# track upstream source: git remote add upstream-git $UPSTREAM_GIT_URL
+# update this source: gbp pull
+# update upstream source: git fetch upstream-git --tags
+# import upstream release: gbp import-orig --upstream-vcs-tag=$VERSION --uscan
+# build package: gbp buildpackage
+# publish source release: gbp tag && gbp push
[DEFAULT]
pristine-tar = True
sign-tags = True
filter = */.git*
+debian-branch = debian/latest
+upstream-branch = upstream/latest
diff --git a/debian/rules b/debian/rules
index 5e89548..7882656 100755
--- a/debian/rules
+++ b/debian/rules
@@ -2,8 +2,8 @@
export PREFIX = /usr
-%:
- dh $@ --buildsystem=makefile
-
override_dh_auto_configure:
cp -f Makefile.gcc Makefile
+
+%:
+ dh $@ --buildsystem=makefile
diff --git a/pcf2bdf.cc b/pcf2bdf.cc
index 7954377..eec6c3c 100644
--- a/pcf2bdf.cc
+++ b/pcf2bdf.cc
@@ -226,6 +226,23 @@ int error_invalid_exit(const char *str)
return 1;
}
+void check_int32_min(const char *indent, const char *str, int32 value, int32 min)
+{
+ if (!(min <= value))
+ {
+ fprintf(stderr, "pcf2bdf: <%s>=%d is out of range (must be >= %d)\n",
+ str, value, min);
+ exit(1);
+ }
+ else
+ {
+ if (verbose)
+ {
+ fprintf(stderr, "%s%s = %d\n", indent, str, value);
+ }
+ }
+}
+
int check_memory(void *ptr)
{
if (!ptr)
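Review bot: `check_int32_min` has no comment, and its name hides two things a caller needs to know: it ends the process with `exit(1)` on failure instead of returning, and on success it prints the value to stderr when `verbose` is set. I would add above it `// Exit with status 1 if value < min; otherwise, in verbose mode, log "<indent><str> = <value>" to stderr.` The `%d` conversions also assume `int32` is `int`; the typedef is outside this hunk, so that is worth confirming.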
@@ -712,6 +729,7 @@ int main(int argc, char *argv[])
error_exit("this is not PCF file format");
}
nTables = read_int32_little();
+ check_int32_min("", "nTables", nTables, 1);
check_memory((tables = new table_t[nTables]));
for (i = 0; i < nTables; i++)
{
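Review bot: Only a lower bound is enforced on `nTables`, so a header that declares a count near 2^31 still reaches `new table_t[nTables]` on the next line. Plain `new[]` reports failure by throwing rather than returning null, so unless the build disables exceptions `check_memory` never sees the failure and the process ends on an uncaught `std::bad_alloc` instead of the tool's own error message. The same applies to the `nProps`, `nMetrics` and `nBitmaps` hunks below. A cap derived from the input size, or `new (std::nothrow) table_t[nTables]` so that `check_memory` does its job, would keep malformed files on the controlled exit path. `main` starts and ends outside this hunk.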
@@ -739,6 +757,7 @@ int main(int argc, char *argv[])
error_invalid_exit("properties(format)");
}
nProps = read_int32();
+ check_int32_min("\t", "nProps", nProps, 1);
check_memory((props = new props_t[nProps]));
for (i = 0; i < nProps; i++)
{
@@ -748,6 +767,7 @@ int main(int argc, char *argv[])
}
skip(3 - (((4 + 1 + 4) * nProps + 3) % 4));
stringSize = read_int32();
+ check_int32_min("\t", "stringSize", stringSize, 0);
check_memory((string = new char[stringSize + 1]));
read_byte8s((byte8 *)string, stringSize);
string[stringSize] = '\0';
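Review bot: The `>= 0` check on `stringSize` still admits `0x7fffffff`, and `stringSize + 1` in the allocation on the next line then overflows if `stringSize` is a signed 32-bit variable (its declaration is outside the hunk). The `glyphNamesSize` hunk further down has the same `+ 1` pattern. Rejecting the top value before the allocation, e.g. `if (stringSize == 0x7fffffff) error_invalid_exit("properties(stringSize)");`, or doing the addition in `size_t`, closes that. The context line `skip(3 - (((4 + 1 + 4) * nProps + 3) % 4))` likewise multiplies `nProps`, which has only a lower bound, by 9 in what appears to be `int` arithmetic.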
@@ -826,6 +846,7 @@ int main(int argc, char *argv[])
error_invalid_exit("metrics");
case PCF_DEFAULT_FORMAT:
nMetrics = read_int32();
+ check_int32_min("\t", "nMetrics", nMetrics, 1);
check_memory((metrics = new metric_t[nMetrics]));
for (i = 0; i < nMetrics; i++)
{
@@ -838,6 +859,7 @@ int main(int argc, char *argv[])
fprintf(stderr, "\tPCF_COMPRESSED_METRICS\n");
}
nMetrics = read_int16();
+ check_int32_min("\t", "nMetrics", nMetrics, 1);
check_memory((metrics = new metric_t[nMetrics]));
for (i = 0; i < nMetrics; i++)
{
@@ -845,10 +867,6 @@ int main(int argc, char *argv[])
}
break;
}
- if (verbose)
- {
- fprintf(stderr, "\tnMetrics = %d\n", nMetrics);
- }
fontbbx = metrics[0];
for (i = 1; i < nMetrics; i++)
{
@@ -888,6 +906,7 @@ int main(int argc, char *argv[])
error_invalid_exit("bitmaps");
}
nBitmaps = read_int32();
+ check_int32_min("\t", "nBitmaps", nBitmaps, nMetrics);
check_memory((bitmapOffsets = new uint32[nBitmaps]));
for (i = 0; i < nBitmaps; i++)
{
@@ -898,6 +917,7 @@ int main(int argc, char *argv[])
bitmapSizes[i] = read_uint32();
}
bitmapSize = bitmapSizes[format.glyph];
+ check_int32_min("\t", "bitmapSize", bitmapSize, 0);
check_memory((bitmaps = new byte8[bitmapSize]));
read_byte8s(bitmaps, bitmapSize);
//
@@ -977,6 +997,14 @@ int main(int argc, char *argv[])
fprintf(stderr, "\tlastRow = %X\n", lastRow);
fprintf(stderr, "\tdefaultCh = %X\n", defaultCh);
}
+ if (!(firstCol <= lastCol))
+ {
+ error_invalid_exit("firstCol, lastCol");
+ }
+ if (!(firstRow <= lastRow))
+ {
+ error_invalid_exit("firstRow, lastRow");
+ }
nEncodings = (lastCol - firstCol + 1) * (lastRow - firstRow + 1);
check_memory((encodings = new uint16[nEncodings]));
for (i = 0; i < nEncodings; i++)
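Review bot: The new ordering checks make both factors positive, but the product `(lastCol - firstCol + 1) * (lastRow - firstRow + 1)` still has no upper bound. If the four fields are 16-bit values (they are declared outside the hunk), the product can reach 2^32 and overflow `int` before it is used as the `encodings` allocation size and loop bound. A range check on the fields before the multiplication would bound `nEncodings`, for instance `if (firstCol < 0 || lastCol > 0xFF || firstRow < 0 || lastRow > 0xFF) error_invalid_exit("encodings range");`, provided the format's byte-sized limits apply to these fields.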
@@ -1022,6 +1050,7 @@ int main(int argc, char *argv[])
rx = (int)(get_property_value("RESOLUTION") / 100.0 * 72.27) ;
}
double p = get_property_value("POINT_SIZE") / 10.0;
+ nSwidths = nMetrics;
for (i = 0; i < nSwidths; i++)
{
metrics[i].swidth =
@@ -1051,6 +1080,7 @@ int main(int argc, char *argv[])
metrics[i].glyphName.v = read_int32();
}
glyphNamesSize = read_int32();
+ check_int32_min("\t", "glyphNamesSize", glyphNamesSize, 0);
check_memory((glyphNames = new char[glyphNamesSize + 1]));
read_byte8s((byte8 *)glyphNames, glyphNamesSize);
glyphNames[glyphNamesSize] = '\0';
@@ -1186,6 +1216,10 @@ int main(int argc, char *argv[])
int col = i % (lastCol - firstCol + 1) + firstCol;
int row = i / (lastCol - firstCol + 1) + firstRow;
uint16 charcode = make_charcode(row, col);
+ if (!(encodings[i] < nMetrics))
+ {
+ error_invalid_exit("encodings");
+ }
metric_t &m = metrics[encodings[i]];
if (m.glyphName.s)
{
diff --git a/tests/error_samples/heap_overflow_read_40b b/tests/error_samples/heap_overflow_read_40b
new file mode 100644
index 0000000..53e9259
Binary files /dev/null and b/tests/error_samples/heap_overflow_read_40b differ
diff --git a/tests/error_samples/segfault_deadly_signal b/tests/error_samples/segfault_deadly_signal
new file mode 100644
index 0000000..a0bc97f
Binary files /dev/null and b/tests/error_samples/segfault_deadly_signal differ
Debdiff
[The following lists of changes regard files as different if they have different names, permissions or owners.]
Files in second set of .debs but not in first
-rw-r--r-- root/root /usr/lib/debug/.build-id/c4/d596393a424f2b9e68ac926a69eed6307b623a.debug
Files in first set of .debs but not in second
-rw-r--r-- root/root /usr/lib/debug/.build-id/bb/73e03ea19c6982bf34089356c2750ea0d46bbf.debug
No differences were encountered between the control files of package pcf2bdf
Control files of package pcf2bdf-dbgsym: lines which differ (wdiff format)
Build-Ids: bb73e03ea19c6982bf34089356c2750ea0d46bbf c4d596393a424f2b9e68ac926a69eed6307b623a