Apply by doing:

Apply by doing:
cd /usr/XF4
patch -p0 < 017_font.patch

Then rebuild and install X:
cd /usr/obj
lndir /usr/XF4
make build

Index: xc/lib/font/fontfile/dirfile.c
===================================================================
RCS file: /cvs/XF4/xc/lib/font/fontfile/dirfile.c,v
retrieving revision 1.1.1.3
retrieving revision 1.1.1.3.6.2
diff -u -p -r1.1.1.3 -r1.1.1.3.6.2
--- xc/lib/font/fontfile/dirfile.c 19 Jan 2002 11:06:06 -0000 1.1.1.3
+++ xc/lib/font/fontfile/dirfile.c 13 Feb 2004 07:50:51 -0000 1.1.1.3.6.2
@@ -68,6 +68,9 @@ FontFileReadDirectory (char *directory,

FontDirectoryPtr dir = NullFontDirectory;

+ if (strlen(directory) + 1 + sizeof(FontDirFile) > sizeof(dir_file))
+ return BadFontPath;
+
#ifdef FONTDIRATTRIB
/* Check for font directory attributes */
#ifndef __EMX__
@@ -154,6 +157,9 @@ FontFileDirectoryChanged(FontDirectoryPt
char dir_file[MAXFONTFILENAMELEN];
struct stat statb;

+ if (strlen(dir->directory) + sizeof(FontDirFile) > sizeof(dir_file))
+ return FALSE;
+
strcpy (dir_file, dir->directory);
strcat (dir_file, FontDirFile);
if (stat (dir_file, &statb) == -1)
@@ -202,6 +208,8 @@ AddFileNameAliases(FontDirectoryPtr dir)
continue;

len = strlen (fileName) - renderer->fileSuffixLen;
+ if (len >= sizeof(copy))
+ continue;
CopyISOLatin1Lowered (copy, fileName, len);
copy[len] = '\0';
name.name = copy;
@@ -251,9 +259,13 @@ ReadFontAlias(char *directory, Bool isFi
int status = Successful;
struct stat statb;

+ if (strlen(directory) >= sizeof(alias_file))
+ return BadFontPath;
dir = *pdir;
strcpy(alias_file, directory);
if (!isFile) {
+ if (strlen(directory) + 1 + sizeof(FontAliasFile) > sizeof(alias_file))
+ return BadFontPath;
if (directory[strlen(directory) - 1] != '/')
strcat(alias_file, "/");
strcat(alias_file, FontAliasFile);
@@ -286,6 +298,10 @@ ReadFontAlias(char *directory, Bool isFi
status = AllocError;
break;
case NAME:
+ if (strlen(lexToken) >= sizeof(alias)) {
+ status = BadFontPath;
+ break;
+ }
strcpy(alias, lexToken);
token = lexAlias(file, &lexToken);
switch (token) {
@@ -302,6 +318,10 @@ ReadFontAlias(char *directory, Bool isFi
status = AllocError;
break;
case NAME:
+ if (strlen(lexToken) >= sizeof(font_name)) {
+ status = BadFontPath;
+ break;
+ }
CopyISOLatin1Lowered(alias, alias, strlen(alias));
CopyISOLatin1Lowered(font_name, lexToken, strlen(lexToken));
if (!FontFileAddFontAlias (dir, alias, font_name))
Index: xc/lib/font/fontfile/encparse.c
===================================================================
RCS file: /cvs/XF4/xc/lib/font/fontfile/encparse.c,v
retrieving revision 1.1.1.2
retrieving revision 1.1.1.2.6.1
diff -u -p -r1.1.1.2 -r1.1.1.2.6.1
--- xc/lib/font/fontfile/encparse.c 19 Jan 2002 11:06:06 -0000 1.1.1.2
+++ xc/lib/font/fontfile/encparse.c 13 Feb 2004 07:50:51 -0000 1.1.1.2.6.1
@@ -833,6 +833,7 @@ FontEncReallyReallyLoad(const char *char
char file_name[MAXFONTFILENAMELEN], encoding_name[MAXFONTNAMELEN],
buf[MAXFONTFILENAMELEN];
int count, n;
+ static char format[24] = "";

/* As we don't really expect to open encodings that often, we don't
take the trouble of caching encodings directories. */
@@ -848,8 +849,12 @@ FontEncReallyReallyLoad(const char *char
}

encoding = NULL;
+ if (!format[0]) {
+ sprintf(format, "%%%ds %%%d[^\n]\n", sizeof(encoding_name) - 1,
+ sizeof(file_name) - 1);
+ }
for(;;) {
- count = fscanf(file, "%s %[^\n]\n", encoding_name, file_name);
+ count = fscanf(file, format, encoding_name, file_name);
if(count == EOF)
break;
if(count != 2)
Index: xc/lib/font/fontfile/fontfile.c
===================================================================
RCS file: /cvs/XF4/xc/lib/font/fontfile/fontfile.c,v
retrieving revision 1.1.1.3
retrieving revision 1.1.1.3.6.1
diff -u -p -r1.1.1.3 -r1.1.1.3.6.1
--- xc/lib/font/fontfile/fontfile.c 19 Jan 2002 11:06:06 -0000 1.1.1.3
+++ xc/lib/font/fontfile/fontfile.c 13 Feb 2004 07:50:51 -0000 1.1.1.3.6.1
@@ -424,11 +424,16 @@ FontFileOpenFont (pointer client, FontPa
vals.ranges = ranges;
vals.nranges = nranges;

- strcpy (fileName, dir->directory);
- strcat (fileName, scalable->fileName);
- ret = (*scalable->renderer->OpenScalable) (fpe, pFont,
+ if (strlen(dir->directory) + strlen(scalable->fileName) >=
+ sizeof(fileName)) {
+ ret = BadFontName;
+ } else {
+ strcpy (fileName, dir->directory);
+ strcat (fileName, scalable->fileName);
+ ret = (*scalable->renderer->OpenScalable) (fpe, pFont,
flags, entry, fileName, &vals, format, fmask,
non_cachable_font);
+ }

/* In case rasterizer does something bad because of
charset subsetting... */
@@ -497,6 +502,10 @@ FontFileOpenBitmapNCF (FontPathElementPt

dir = (FontDirectoryPtr) fpe->private;
bitmap = &entry->u.bitmap;
+ if(!bitmap || !bitmap->renderer->OpenBitmap)
+ return BadFontName;
+ if (strlen(dir->directory) + strlen(bitmap->fileName) >= sizeof(fileName))
+ return BadFontName;
strcpy (fileName, dir->directory);
strcat (fileName, bitmap->fileName);
ret = (*bitmap->renderer->OpenBitmap)
@@ -530,6 +539,10 @@ FontFileGetInfoBitmap (FontPathElementPt

dir = (FontDirectoryPtr) fpe->private;
bitmap = &entry->u.bitmap;
+ if (!bitmap || !bitmap->renderer->GetInfoBitmap)
+ return BadFontName;
+ if (strlen(dir->directory) + strlen(bitmap->fileName) >= sizeof(fileName))
+ return BadFontName;
strcpy (fileName, dir->directory);
strcat (fileName, bitmap->fileName);
ret = (*bitmap->renderer->GetInfoBitmap) (fpe, pFontInfo, entry, fileName);
@@ -891,10 +904,15 @@ FontFileListOneFontWithInfo (pointer cli
vals.ranges = FontParseRanges(origName, &vals.nranges);
ranges = vals.ranges;
/* Make a new scaled instance */
- strcpy (fileName, dir->directory);
- strcat (fileName, scalable->fileName);
- ret = (*scalable->renderer->GetInfoScalable)
- (fpe, *pFontInfo, entry, &tmpName, fileName, &vals);
+ if (strlen(dir->directory) + strlen(scalable->fileName) >=
+ sizeof(fileName)) {
+ ret = BadFontName;
+ } else {
+ strcpy (fileName, dir->directory);
+ strcat (fileName, scalable->fileName);
+ ret = (*scalable->renderer->GetInfoScalable)
+ (fpe, *pFontInfo, entry, &tmpName, fileName, &vals);
+ }
if (ranges) xfree(ranges);
}
}
@@ -931,10 +949,15 @@ FontFileListOneFontWithInfo (pointer cli
bc = &entry->u.bc;
entry = bc->entry;
/* Make a new scaled instance */
- strcpy (fileName, dir->directory);
- strcat (fileName, scalable->fileName);
- ret = (*scalable->renderer->GetInfoScalable)
+ if (strlen(dir->directory) + strlen(scalable->fileName) >=
+ sizeof(fileName)) {
+ ret = BadFontName;
+ } else {
+ strcpy (fileName, dir->directory);
+ strcat (fileName, scalable->fileName);
+ ret = (*scalable->renderer->GetInfoScalable)
(fpe, *pFontInfo, entry, tmpName, fileName, &bc->vals);
+ }
break;
#endif
default:
Index: xc-old/lib/font/fontfile/dirfile.c
===================================================================
RCS file: /cvs/XF4/xc-old/lib/font/fontfile/dirfile.c,v
retrieving revision 1.1.1.1
retrieving revision 1.1.1.1.10.2
diff -u -p -r1.1.1.1 -r1.1.1.1.10.2
--- xc-old/lib/font/fontfile/dirfile.c 18 Feb 2001 16:08:19 -0000 1.1.1.1
+++ xc-old/lib/font/fontfile/dirfile.c 13 Feb 2004 07:50:51 -0000 1.1.1.1.10.2
@@ -73,6 +73,9 @@ FontFileReadDirectory (directory, pdir)

FontDirectoryPtr dir = NullFontDirectory;

+ if (strlen(directory) + 1 + sizeof(FontDirFile) > sizeof(dir_file))
+ return BadFontPath;
+
#ifdef FONTDIRATTRIB
/* Check for font directory attributes */
#ifndef __EMX__
@@ -160,6 +163,9 @@ FontFileDirectoryChanged(dir)
char dir_file[MAXFONTFILENAMELEN];
struct stat statb;

+ if (strlen(dir->directory) + sizeof(FontDirFile) > sizeof(dir_file))
+ return FALSE;
+
strcpy (dir_file, dir->directory);
strcat (dir_file, FontDirFile);
if (stat (dir_file, &statb) == -1)
@@ -209,6 +215,8 @@ AddFileNameAliases(dir)
continue;

len = strlen (fileName) - renderer->fileSuffixLen;
+ if (len >= sizeof(copy))
+ continue;
CopyISOLatin1Lowered (copy, fileName, len);
copy[len] = '\0';
name.name = copy;
@@ -263,6 +271,8 @@ ReadFontAlias(directory, isFile, pdir)
int status = Successful;
struct stat statb;

+ if (strlen(directory) >= sizeof(alias_file))
+ return BadFontPath;
dir = *pdir;
strcpy(alias_file, directory);
if (!isFile) {
@@ -298,6 +308,10 @@ ReadFontAlias(directory, isFile, pdir)
status = AllocError;
break;
case NAME:
+ if (strlen(lexToken) >= sizeof(alias)) {
+ status = BadFontPath;
+ break;
+ }
strcpy(alias, lexToken);
token = lexAlias(file, &lexToken);
switch (token) {
@@ -314,6 +328,10 @@ ReadFontAlias(directory, isFile, pdir)
status = AllocError;
break;
case NAME:
+ if (strlen(lexToken) >= sizeof(font_name)) {
+ status = BadFontPath;
+ break;
+ }
CopyISOLatin1Lowered((unsigned char *) alias,
(unsigned char *) alias,
strlen(alias));
Index: xc-old/lib/font/fontfile/fontfile.c
===================================================================
RCS file: /cvs/XF4/xc-old/lib/font/fontfile/fontfile.c,v
retrieving revision 1.1.1.1
retrieving revision 1.1.1.1.10.1
diff -u -p -r1.1.1.1 -r1.1.1.1.10.1
--- xc-old/lib/font/fontfile/fontfile.c 18 Feb 2001 16:08:20 -0000 1.1.1.1
+++ xc-old/lib/font/fontfile/fontfile.c 13 Feb 2004 07:50:51 -0000 1.1.1.1.10.1
@@ -438,11 +438,16 @@ FontFileOpenFont (client, fpe, flags, na
vals.ranges = ranges;
vals.nranges = nranges;

- strcpy (fileName, dir->directory);
- strcat (fileName, scalable->fileName);
- ret = (*scalable->renderer->OpenScalable) (fpe, pFont,
+ if (strlen(dir->directory) + strlen(scalable->fileName) >=
+ sizeof(fileName)) {
+ ret = BadFontName;
+ } else {
+ strcpy (fileName, dir->directory);
+ strcat (fileName, scalable->fileName);
+ ret = (*scalable->renderer->OpenScalable) (fpe, pFont,
flags, entry, fileName, &vals, format, fmask,
non_cachable_font);
+ }

/* In case rasterizer does something bad because of
charset subsetting... */
@@ -517,6 +522,10 @@ FontFileOpenBitmapNCF (fpe, pFont, flags

dir = (FontDirectoryPtr) fpe->private;
bitmap = &entry->u.bitmap;
+ if(!bitmap || !bitmap->renderer->OpenBitmap)
+ return BadFontName;
+ if (strlen(dir->directory) + strlen(bitmap->fileName) >= sizeof(fileName))
+ return BadFontName;
strcpy (fileName, dir->directory);
strcat (fileName, bitmap->fileName);
ret = (*bitmap->renderer->OpenBitmap)
@@ -553,6 +562,10 @@ FontFileGetInfoBitmap (fpe, pFontInfo, e

dir = (FontDirectoryPtr) fpe->private;
bitmap = &entry->u.bitmap;
+ if (!bitmap || !bitmap->renderer->GetInfoBitmap)
+ return BadFontName;
+ if (strlen(dir->directory) + strlen(bitmap->fileName) >= sizeof(fileName))
+ return BadFontName;
strcpy (fileName, dir->directory);
strcat (fileName, bitmap->fileName);
ret = (*bitmap->renderer->GetInfoBitmap) (fpe, pFontInfo, entry, fileName);
@@ -936,10 +949,15 @@ FontFileListOneFontWithInfo (client, fpe
vals.ranges = FontParseRanges(origName, &vals.nranges);
ranges = vals.ranges;
/* Make a new scaled instance */
- strcpy (fileName, dir->directory);
- strcat (fileName, scalable->fileName);
- ret = (*scalable->renderer->GetInfoScalable)
- (fpe, *pFontInfo, entry, &tmpName, fileName, &vals);
+ if (strlen(dir->directory) + strlen(scalable->fileName) >=
+ sizeof(fileName)) {
+ ret = BadFontName;
+ } else {
+ strcpy (fileName, dir->directory);
+ strcat (fileName, scalable->fileName);
+ ret = (*scalable->renderer->GetInfoScalable)
+ (fpe, *pFontInfo, entry, &tmpName, fileName, &vals);
+ }
if (ranges) xfree(ranges);
}
}
@@ -976,10 +994,15 @@ FontFileListOneFontWithInfo (client, fpe
bc = &entry->u.bc;
entry = bc->entry;
/* Make a new scaled instance */
- strcpy (fileName, dir->directory);
- strcat (fileName, scalable->fileName);
- ret = (*scalable->renderer->GetInfoScalable)
+ if (strlen(dir->directory) + strlen(scalable->fileName) >=
+ sizeof(fileName)) {
+ ret = BadFontName;
+ } else {
+ strcpy (fileName, dir->directory);
+ strcat (fileName, scalable->fileName);
+ ret = (*scalable->renderer->GetInfoScalable)
(fpe, *pFontInfo, entry, tmpName, fileName, &bc->vals);
+ }
break;
#endif
default: