Tk Source Code

Check-in [0ecc5f95]
Login
Core Home Timeline Branches Tags Tickets Download Wiki

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:[Bug 3129527]: Fix buffer overflow w/ GCC 4.5 and -D_FORTIFY_SOURCE=2. One more place where this problem could appear.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1: 0ecc5f95e00495b622cef99b51a629871012f85e
User & Date: jan.nijtmans 2011-03-28 09:22:36
Context
2011-03-28
11:44
set default MODULE_SCOPE=extern, in case no other value is determined check-in: b4c6e652 user: jan.nijtmans tags: trunk
09:22
[Bug 3129527]: Fix buffer overflow w/ GCC 4.5 and -D_FORTIFY_SOURCE=2. One more place where this problem could appear. check-in: 0ecc5f95 user: jan.nijtmans tags: trunk
09:20
[Bug 3129527]: Fix buffer overflow w/ GCC 4.5 and -D_FORTIFY_SOURCE=2. One more place where this problem could appear. check-in: bc537f82 user: jan.nijtmans tags: core-8-5-branch
2011-03-27
20:10
merge-mark check-in: 8bc432d6 user: jan tags: trunk
Changes
Hide Diffs Unified Diffs Ignore Whitespace Patch

Changes to ChangeLog. 






1
2
3
4
5
6
7






2011-03-24  Jan Nijtmans  <[email protected]>

	* win/tkWinMenu.c: [Bug #3239768] tk8.4.19 (and later) WIN32
	menu font support.

2011-03-16  Jan Nijtmans  <[email protected]>


>
>
>
>
>








1
2
3
4
5
6
7
8
9
10
11
12

2011-03-28  Jan Nijtmans  <[email protected]>

	* generic/tkTextBTree.c: [Bug 3129527]: Fix buffer overflow w/ GCC 4.5 and
	-D_FORTIFY_SOURCE=2. One more place where this problem could appear.

2011-03-24  Jan Nijtmans  <[email protected]>

	* win/tkWinMenu.c: [Bug #3239768] tk8.4.19 (and later) WIN32
	menu font support.

2011-03-16  Jan Nijtmans  <[email protected]>

Changes to generic/tkText.h. 

166
167
168
169
170
171
172
173
174
175
176
177
178
179
180

				 * type. */
    struct TkTextSegment *nextPtr;
				/* Next in list of segments for this line, or
				 * NULL for end of list. */
    int size;			/* Size of this segment (# of bytes of index
				 * space it occupies). */
    union {
	char chars[4];		/* Characters that make up character info.
				 * Actual length varies to hold as many
				 * characters as needed.*/
	TkTextToggle toggle;	/* Information about tag toggle. */
	TkTextMark mark;	/* Information about mark. */
	TkTextEmbWindow ew;	/* Information about embedded window. */
	TkTextEmbImage ei;	/* Information about embedded image. */
    } body;








|








166
167
168
169
170
171
172
173
174
175
176
177
178
179
180

				 * type. */
    struct TkTextSegment *nextPtr;
				/* Next in list of segments for this line, or
				 * NULL for end of list. */
    int size;			/* Size of this segment (# of bytes of index
				 * space it occupies). */
    union {
	char chars[1];		/* Characters that make up character info.
				 * Actual length varies to hold as many
				 * characters as needed.*/
	TkTextToggle toggle;	/* Information about tag toggle. */
	TkTextMark mark;	/* Information about mark. */
	TkTextEmbWindow ew;	/* Information about embedded window. */
	TkTextEmbImage ei;	/* Information about embedded image. */
    } body;

Changes to generic/tkTextBTree.c. 

1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081

	    segPtr->nextPtr = linePtr->segPtr;
	    linePtr->segPtr = segPtr;
	} else {
	    segPtr->nextPtr = curPtr->nextPtr;
	    curPtr->nextPtr = segPtr;
	}
	segPtr->size = chunkSize;
	strncpy(segPtr->body.chars, string, (size_t) chunkSize);
	segPtr->body.chars[chunkSize] = 0;

	if (eol[-1] != '\n') {
	    break;
	}

	/*








|








1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081

	    segPtr->nextPtr = linePtr->segPtr;
	    linePtr->segPtr = segPtr;
	} else {
	    segPtr->nextPtr = curPtr->nextPtr;
	    curPtr->nextPtr = segPtr;
	}
	segPtr->size = chunkSize;
	memcpy(segPtr->body.chars, string, (size_t) chunkSize);
	segPtr->body.chars[chunkSize] = 0;

	if (eol[-1] != '\n') {
	    break;
	}

	/*

4546
4547
4548
4549
4550
4551
4552
4553
4554
4555
4556
4557
4558

4559
4560
4561
4562
4563
4564
4565

    TkTextSegment *newPtr1, *newPtr2;

    newPtr1 = ckalloc(CSEG_SIZE(index));
    newPtr2 = ckalloc(CSEG_SIZE(segPtr->size - index));
    newPtr1->typePtr = &tkTextCharType;
    newPtr1->nextPtr = newPtr2;
    newPtr1->size = index;
    strncpy(newPtr1->body.chars, segPtr->body.chars, (size_t) index);
    newPtr1->body.chars[index] = 0;
    newPtr2->typePtr = &tkTextCharType;
    newPtr2->nextPtr = segPtr->nextPtr;
    newPtr2->size = segPtr->size - index;
    strcpy(newPtr2->body.chars, segPtr->body.chars + index);

    ckfree(segPtr);
    return newPtr1;
}

/*
 *--------------------------------------------------------------
 *








|




|
>








4546
4547
4548
4549
4550
4551
4552
4553
4554
4555
4556
4557
4558
4559
4560
4561
4562
4563
4564
4565
4566

    TkTextSegment *newPtr1, *newPtr2;

    newPtr1 = ckalloc(CSEG_SIZE(index));
    newPtr2 = ckalloc(CSEG_SIZE(segPtr->size - index));
    newPtr1->typePtr = &tkTextCharType;
    newPtr1->nextPtr = newPtr2;
    newPtr1->size = index;
    memcpy(newPtr1->body.chars, segPtr->body.chars, (size_t) index);
    newPtr1->body.chars[index] = 0;
    newPtr2->typePtr = &tkTextCharType;
    newPtr2->nextPtr = segPtr->nextPtr;
    newPtr2->size = segPtr->size - index;
    memcpy(newPtr2->body.chars, segPtr->body.chars + index, newPtr2->size);
    newPtr2->body.chars[newPtr2->size] = 0;
    ckfree(segPtr);
    return newPtr1;
}

/*
 *--------------------------------------------------------------
 *

4591
4592
4593
4594
4595
4596
4597
4598
4599

4600
4601
4602
4603
4604
4605
4606

    if ((segPtr2 == NULL) || (segPtr2->typePtr != &tkTextCharType)) {
	return segPtr;
    }
    newPtr = ckalloc(CSEG_SIZE(segPtr->size + segPtr2->size));
    newPtr->typePtr = &tkTextCharType;
    newPtr->nextPtr = segPtr2->nextPtr;
    newPtr->size = segPtr->size + segPtr2->size;
    strcpy(newPtr->body.chars, segPtr->body.chars);
    strcpy(newPtr->body.chars + segPtr->size, segPtr2->body.chars);

    ckfree(segPtr);
    ckfree(segPtr2);
    return newPtr;
}

/*
 *--------------------------------------------------------------








|
|
>








4592
4593
4594
4595
4596
4597
4598
4599
4600
4601
4602
4603
4604
4605
4606
4607
4608

    if ((segPtr2 == NULL) || (segPtr2->typePtr != &tkTextCharType)) {
	return segPtr;
    }
    newPtr = ckalloc(CSEG_SIZE(segPtr->size + segPtr2->size));
    newPtr->typePtr = &tkTextCharType;
    newPtr->nextPtr = segPtr2->nextPtr;
    newPtr->size = segPtr->size + segPtr2->size;
    memcpy(newPtr->body.chars, segPtr->body.chars, segPtr->size);
    memcpy(newPtr->body.chars + segPtr->size, segPtr2->body.chars, segPtr2->size);
    newPtr->body.chars[newPtr->size] = 0;
    ckfree(segPtr);
    ckfree(segPtr2);
    return newPtr;
}

/*
 *--------------------------------------------------------------

This page was generated in about 0.075s by Fossil 2.24 [f4ffefe708] 2024-04-17 14:02:19