| | [ Return to Bugs & Features | Post Text | Post File | SVN ⇄ GIT | Prev | Next ]
STR #3287
| Application: | FLTK Library |
|---|
| Status: | 5 - New |
|---|
| Priority: | 3 - Moderate, e.g. unable to compile the software |
|---|
| Scope: | 3 - Applies to all machines and operating systems |
|---|
| Subsystem: | Core Library |
|---|
| Summary: | Potential array overrun in Fl::get_font() |
|---|
| Version: | 1.4-feature |
|---|
| Created By: | skunk |
|---|
| Assigned To: | Unassigned |
|---|
| Fix Version: | Unassigned |
|---|
| Update Notification: | |
|---|
Trouble Report Files:
[ Post File ]No files
Trouble Report Comments:
[ Post Text ]
| |
| #1 | skunk
01:42 Feb 28, 2016 |
| [Note: This should be filed against 1.4-feature, but that option is not yet available in the new-bug form.]
This issue was previously discussed in
http://www.fltk.org/str.php?L2988
(see comments #13, 15, 20, and the fl_set_font_check_fnum.diff patch).
The Fl::get_font() method currently uses its argument as an index into an array, without any range checking. This can lead to bogus data being returned, or a segfault.
It doesn't help that the FLTK consumer does not even have a way of querying the size of the array, so it is not terribly easy to avoid the overrun when using this method. | |
| |
| #2 | AlbrechtS
13:49 Feb 28, 2016 |
| Thanks for posting this - moved to 1.4-feature.
[Note: 1.4-feature is available in the "Software Version" pull-down menu, at least for me. ;-) Currently this is the only option for 1.4] | |
[ Return to Bugs & Features | Post Text | Post File ]
|
| |
