File transfig-03ea4578.patch of Package transfig.8598
commit 03ea4578258d2d9ca1ceb080e469ad261db39ef0
Author: Thomas Loimer <thomas.loimer@tuwien.ac.at>
Date: Fri Jul 26 23:25:50 2019 +0200
Allow circle arrowheads when mag >= 42, ticket #52
Circle and half-circle arrowheads would be drawn with 40 + mag/4 points by
calc_arrow() in bound.c. However, the point arrays passed to calc_arrow()
would only contain 50 points. With a magnification >= 42, a buffer overrun
would occur. Simply use 40 points, independent of magnification.
---
fig2dev/bound.c | 6 +++---
fig2dev/read1_3.c | 14 ++++++++------
2 files changed, 11 insertions(+), 9 deletions(-)
--- fig2dev/bound.c
+++ fig2dev/bound.c 2019-08-15 07:38:07.518523525 +0000
@@ -888,7 +888,7 @@ calc_arrow(x1, y1, x2, y2, linethick, ar
/*
* CIRCLE and HALF-CIRCLE arrowheads
*
- * We approximate circles with (40+zoom)/4 points
+ * We approximate circles with 40 points
*/
/* use original dx, dy to get starting angle */
@@ -907,8 +907,8 @@ calc_arrow(x1, y1, x2, y2, linethick, ar
radius = len/2.0;
fix_x = xs + (dx / (double) 2.0);
fix_y = ys + (dy / (double) 2.0);
- /* choose number of points for circle - 40+mag/4 points */
- np = round(mag/4.0) + 40;
+ /* choose number of points for circle */
+ *npoints = np = 40;
if (type == 5) {
/* full circle */
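Review bot: The literal 40 in `*npoints = np = 40;` is safe only because the callers' point arrays hold 50 entries, as the commit message states; nothing in this hunk ties the two numbers together, so a later change to either one can reintroduce the overrun. A named constant for the array size shared with the callers, with the circle point count defined relative to it, would make the bound checkable. At minimum add a comment such as `/* np must not exceed the size of the caller's points[] array */`. Whether the half-circle branch or later code adds points beyond np cannot be judged here, because the body of calc_arrow() starts and ends outside the hunk.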
--- fig2dev/read1_3.c
+++ fig2dev/read1_3.c 2019-08-15 07:40:27.699920660 +0000
@@ -206,13 +206,14 @@ FILE *fp;
&com->secorner.x, &com->secorner.y);
if (n != 4) {
put_msg("Incorrect compound object format");
+ free(com);
return(NULL);
}
while (fscanf(fp, "%d", &object) == 1) {
switch (object) {
case O_POLYLINE :
if ((l = read_lineobject(fp)) == NULL) {
- free_line(&l);
+ free_compound(&com);
return(NULL);
}
if (ll)
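Review bot: The first error path releases the object with plain `free(com);` while every later path uses `free_compound(&com);`. The latter is only safe if com's list heads and next pointer are set to NULL before the first object is linked, and that initialisation lies outside the hunk. Using `free_compound(&com);` after the "Incorrect compound object format" message as well would keep the error paths uniform and stay correct if com gains owned members before that check. The same replacement of the per-object free repeats in the O_SPLINE, O_ELLIPSE, O_ARC, O_TEXT and O_COMPOUND hunks. There it presumably also releases the objects already linked into com, which is worth confirming against free_compound().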
@@ -222,7 +223,7 @@ FILE *fp;
break;
case O_SPLINE :
if ((s = read_splineobject(fp)) == NULL) {
- free_spline(&s);
+ free_compound(&com);
return(NULL);
}
if (ls)
@@ -232,7 +233,7 @@ FILE *fp;
break;
case O_ELLIPSE :
if ((e = read_ellipseobject(fp)) == NULL) {
- free_ellipse(&e);
+ free_compound(&com);
return(NULL);
}
if (le)
@@ -242,7 +243,7 @@ FILE *fp;
break;
case O_ARC :
if ((a = read_arcobject(fp)) == NULL) {
- free_arc(&a);
+ free_compound(&com);
return(NULL);
}
if (la)
@@ -252,7 +253,7 @@ FILE *fp;
break;
case O_TEXT :
if ((t = read_textobject(fp)) == NULL) {
- free_text(&t);
+ free_compound(&com);
return(NULL);
}
if (lt)
@@ -262,7 +263,7 @@ FILE *fp;
break;
case O_COMPOUND :
if ((c = read_compoundobject(fp)) == NULL) {
- free_compound(&c);
+ free_compound(&com);
return(NULL);
}
if (lc)
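Review bot: The call `read_compoundobject(fp)` in the O_COMPOUND case appears to be this function calling itself, and no nesting limit is visible in the hunk. The function name is outside the hunk, so this is inferred from the error text and the `com` variable. Because the nesting depth comes from the input file, a deeply nested compound can exhaust the stack before any of the cleanup added by this commit runs. Consider a depth counter that is checked before recursing, reports through put_msg() and then takes the same `free_compound(&com); return(NULL);` path.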
@@ -278,6 +279,7 @@ FILE *fp;
return(com);
else {
put_msg("Format error: %s", strerror(errno));
+ free_compound(&com);
return(NULL);
}
}