[Pkg-fonts-devel] Bug#700933: Unchecked conversion of input to enum
Michael Tautschnig
mt at debian.org
Tue Feb 19 14:02:40 UTC 2013
Package: fontforge
Version: 0.0.20120101+git-2
Usertags: goto-cc

While building the package using our research compiler infrastructure, which
also performs more strict type checking, we noticed the following problem that
possibly triggers undefined behaviour:

In fontforge/scripting.c, the function bExpandStroke stores user input values
(of type double) in a field of type enum linecap (first appears in line 4653,
but also occurs multiple other times).

As there is no sanitization of input in place, the assignment may result in
arbitrary values being set.
Best,
Michael
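
Added example, not part of the original report and not fontforge code: the unchecked double-to-enum store described above, next to one way to validate the value first. The enumerator list and both function names are assumptions made for this illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Assumed for this example; not copied from fontforge's headers. */
enum linecap { lc_butt, lc_round, lc_square };

/* The pattern from the report: a script-supplied double stored directly in
 * the enum field. NaN or a value outside the underlying integer type makes
 * the conversion undefined; 7.0 is stored as an enumerator that does not
 * exist. Shown for contrast only and never called below. */
void set_cap_unchecked(enum linecap *field, double user_value)
{
    *field = (enum linecap)user_value;
}

/* Checked conversion: accept only integral values that name a declared
 * enumerator. Returns false and leaves *out untouched otherwise. */
bool linecap_from_double(double user_value, enum linecap *out)
{
    /* Range test in floating point, before any cast. Written in negated
     * form so that NaN (for which every comparison is false) is rejected
     * together with +/-infinity and out-of-range values. */
    if (!(user_value >= lc_butt && user_value <= lc_square))
        return false;

    int n = (int)user_value;        /* well defined: value is within [0, 2] */
    if ((double)n != user_value)    /* 1.5 would otherwise truncate to 1 */
        return false;

    switch (n) {
    case lc_butt:   *out = lc_butt;   return true;
    case lc_round:  *out = lc_round;  return true;
    case lc_square: *out = lc_square; return true;
    default:        return false;   /* guards against gaps in the enum */
    }
}

int main(void)
{
    /* Constructed script inputs, not taken from any real font script. */
    const double inputs[] = { 0.0, 2.0, 1.5, -1.0, 7.0, 1e300 };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        enum linecap cap = lc_butt;
        bool ok = linecap_from_double(inputs[i], &cap);
        printf("%g -> %s (cap=%d)\n", inputs[i], ok ? "accepted" : "rejected", (int)cap);
    }
    return 0;
}
```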