Status: 5 - New
Priority: 3 - Moderate, e.g. unable to compile the software
Scope: 3 - Applies to all machines and operating systems
Summary: Potential array overrun in Fl::get_font()
Trouble Report Files:
Trouble Report Comments:
01:42 Feb 28, 2016
[Note: This should be filed against 1.4-feature, but that option is not yet available in the new-bug form.]
This issue was previously discussed in
(see comments #13, 15, 20, and the fl_set_font_check_fnum.diff patch).
The Fl::get_font() method currently uses its argument as an index into an array, without any range checking. This can lead to bogus data being returned, or a segfault.
It doesn't help that the FLTK consumer does not even have a way of querying the size of the array, so it is not terribly easy to avoid the overrun when using this method.
13:49 Feb 28, 2016
Thanks for posting this - moved to 1.4-feature.
[Note: 1.4-feature is available in the "Software Version" pull-down menu, at least for me. ;-) Currently this is the only option for 1.4]
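The unchecked lookup described in this report next to a bounds-checked form, as an added example that is not FLTK source and not part of the thread. The table contents and the names `font_table`, `get_font_unchecked`, `get_font_checked` and `font_count` are assumptions made for illustration.

```cpp
// Added illustration: a simplified model of a font table, NOT FLTK source.
#include <cstddef>
#include <cstdio>

struct FontEntry { const char *name; };   // hypothetical table entry

// Constructed sample table; the real table is private to the library.
static FontEntry font_table[] = {
    {"Helvetica"}, {"Courier"}, {"Times"}, {"Symbol"},
};
static const int font_table_size =
    static_cast<int>(sizeof(font_table) / sizeof(font_table[0]));

// Pattern described in the report: the argument is used as an index as-is.
// Any value outside [0, font_table_size) reads memory outside the array,
// which yields bogus data or a crash.
const char *get_font_unchecked(int fnum) {
    return font_table[fnum].name;
}

// Size query the report says callers lack (hypothetical name).
int font_count() { return font_table_size; }

// Hardened form: reject negative and too-large indices before indexing.
// Returning nullptr makes the caller handle the failure explicitly.
const char *get_font_checked(int fnum) {
    if (fnum < 0 || fnum >= font_table_size) return nullptr;
    return font_table[fnum].name;
}

int main() {
    // With a size query, callers iterate over the valid range only.
    for (int i = 0; i < font_count(); ++i)
        std::printf("%d: %s\n", i, get_font_checked(i));
    // Out-of-range probes are rejected instead of dereferenced.
    const int probes[] = {-1, font_count(), 1 << 20};
    for (int p : probes)
        std::printf("%d -> %s\n", p, get_font_checked(p) ? "name" : "rejected");
    return 0;
}
```

The signed comparison matters here: a check of only `fnum >= font_table_size` would still let a negative index through.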