STR #3287
FLTK matrix user chat room (using Element browser app)   FLTK gitter user chat room   GitHub FLTK Project   FLTK News RSS Feed  
  FLTK Apps      FLTK Library      Forums      Links     Login 
 Home  |  Articles & FAQs  |  Bugs & Features  |  Documentation  |  Download  |  Screenshots  ]
 

Return to Bugs & Features | Post Text | Post File | Prev | Next ]

STR #3287

Application:FLTK Library
Status:5 - New
Priority:3 - Moderate, e.g. unable to compile the software
Scope:3 - Applies to all machines and operating systems
Subsystem:Core Library
Summary:Potential array overrun in Fl::get_font()
Version:1.4-feature
Created By:skunk
Assigned To:Unassigned
Fix Version:Unassigned
Update Notification:

Receive EMails Don't Receive EMails

Trouble Report Files:

Post File ]

No files

Trouble Report Comments:

Post Text ]
Name/Time/Date Text top right image
 
#1 skunk
01:42 Feb 28, 2016
[Note: This should be filed against 1.4-feature, but that option is not yet available in the new-bug form.]

This issue was previously discussed in

    http://www.fltk.org/str.php?L2988

(see comments #13, 15, 20, and the fl_set_font_check_fnum.diff patch).

The Fl::get_font() method currently uses its argument as an index into an array, without any range checking. This can lead to bogus data being returned, or a segfault.

It doesn't help that the FLTK consumer does not even have a way of querying the size of the array, so it is not terribly easy to avoid the overrun when using this method.		  
 
#2 AlbrechtS
13:49 Feb 28, 2016
Thanks for posting this - moved to 1.4-feature.

[Note: 1.4-feature is available in the "Software Version" pull-down menu, at least for me. ;-) Currently this is the only option for 1.4]		  
bottom left image   bottom right image

Return to Bugs & Features | Post Text | Post File ]

 
 

Comments are owned by the poster. All other content is copyright 1998-2023 by Bill Spitzak and others. This project is hosted by The FLTK Team. Please report site problems to 'erco@seriss.com'.