From 32d7a9f7184a5b3bfb0e6010a56658a2c1ef21a9 Mon Sep 17 00:00:00 2001
From: Matt Giuca
Date: Sun, 8 Feb 2015 20:59:34 -0500
Subject: [PATCH 1/3] BUG : fix security bug reported via debian by Matt Giuca Fixes CVE-2013-1424
---
 lib/matplotlib/__init__.py | 1 +
 lib/matplotlib/tests/test_mplutils.py | 12 ++++++++++++
 src/mplutils.cpp | 5 ++++-
 3 files changed, 17 insertions(+), 1 deletion(-)
 create mode 100644 lib/matplotlib/tests/test_mplutils.py
diff --git a/lib/matplotlib/__init__.py b/lib/matplotlib/__init__.py
index cddda608496d..9bcc76432f32 100644
--- a/lib/matplotlib/__init__.py
+++ b/lib/matplotlib/__init__.py
@@ -1402,6 +1402,7 @@ def tk_window_focus():
 'matplotlib.tests.test_lines',
 'matplotlib.tests.test_mathtext',
 'matplotlib.tests.test_mlab',
+ 'matplotlib.tests.test_mplutils',
 'matplotlib.tests.test_patches',
 'matplotlib.tests.test_path',
 'matplotlib.tests.test_patheffects',
diff --git a/lib/matplotlib/tests/test_mplutils.py b/lib/matplotlib/tests/test_mplutils.py
new file mode 100644
index 000000000000..e37e41c8b1ff
--- /dev/null
+++ b/lib/matplotlib/tests/test_mplutils.py
@@ -0,0 +1,12 @@
+from __future__ import print_function
+from nose.tools import assert_raises
+from matplotlib import ft2font
+from matplotlib.testing.decorators import knownfailureif
+import sys
+
+def test_printf_buffer():
+ """Tests Printf for buffer overrun."""
+ # Use ft2font.FT2Font, which indirectly calls the Printf function in
+ # mplutils.cpp.
+ # Expect a RuntimeError, since the font is not found.
+ assert_raises(RuntimeError, ft2font.FT2Font, 'x' * 2048)
diff --git a/src/mplutils.cpp b/src/mplutils.cpp
index febb97ac81a0..af3a2f3ebcaa 100644
--- a/src/mplutils.cpp
+++ b/src/mplutils.cpp
@@ -18,7 +18,10 @@ Printf::Printf(const char *fmt, ...)
 {
 va_list ap;
 va_start(ap, fmt);
- vsprintf(buffer, fmt, ap);
+ vsnprintf(buffer, 1024, fmt, ap);
+ // Null-terminate the string. Non-standard C implementations (e.g.,
+ // Microsoft Visual C++) do not do this automatically.
+ buffer[1023] = '\0';
 va_end(ap); // look ma - I rememberd it this time
 }
From 317a05ea96cd641db8daa4cbff84b039a81abda4 Mon Sep 17 00:00:00 2001
From: Thomas A Caswell
Date: Sun, 8 Feb 2015 21:06:48 -0500
Subject: [PATCH 2/3] TST : remove test No longer tests what it is meant to test
---
 lib/matplotlib/__init__.py | 1 -
 lib/matplotlib/tests/test_mplutils.py | 12 ------------
 2 files changed, 13 deletions(-)
 delete mode 100644 lib/matplotlib/tests/test_mplutils.py
diff --git a/lib/matplotlib/__init__.py b/lib/matplotlib/__init__.py
index 9bcc76432f32..cddda608496d 100644
--- a/lib/matplotlib/__init__.py
+++ b/lib/matplotlib/__init__.py
@@ -1402,7 +1402,6 @@ def tk_window_focus():
 'matplotlib.tests.test_lines',
 'matplotlib.tests.test_mathtext',
 'matplotlib.tests.test_mlab',
- 'matplotlib.tests.test_mplutils',
 'matplotlib.tests.test_patches',
 'matplotlib.tests.test_path',
 'matplotlib.tests.test_patheffects',
diff --git a/lib/matplotlib/tests/test_mplutils.py b/lib/matplotlib/tests/test_mplutils.py
deleted file mode 100644
index e37e41c8b1ff..000000000000
--- a/lib/matplotlib/tests/test_mplutils.py
+++ /dev/null
@@ -1,12 +0,0 @@
-from __future__ import print_function
-from nose.tools import assert_raises
-from matplotlib import ft2font
-from matplotlib.testing.decorators import knownfailureif
-import sys
-
-def test_printf_buffer():
- """Tests Printf for buffer overrun."""
- # Use ft2font.FT2Font, which indirectly calls the Printf function in
- # mplutils.cpp.
- # Expect a RuntimeError, since the font is not found.
- assert_raises(RuntimeError, ft2font.FT2Font, 'x' * 2048)
From 5aac964236ff0173aef773c1aee8904990de9049 Mon Sep 17 00:00:00 2001
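Review bot: In the src/mplutils.cpp hunk, the bound `1024` passed to `vsnprintf` and the index in `buffer[1023] = '\0';` are bare literals that have to match the size of `buffer`, whose declaration is outside this hunk; if that size is ever reduced, the overflow this patch closes returns without any compiler warning. I would tie the allocation, the bound and the terminator to one named constant, e.g. `vsnprintf(buffer, PRINTF_BUF_SIZE, fmt, ap);` and `buffer[PRINTF_BUF_SIZE - 1] = '\0';` (the constant name is illustrative; `sizeof(buffer)` is only safe if `buffer` is a true array and not a pointer). The return value of `vsnprintf` is also discarded, so a truncated message looks the same as a complete one; a one-line comment such as `// Output longer than the buffer is truncated on purpose.` would record that this is intended. The constructor's signature and any initialiser list are outside the hunk.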
From: Thomas A Caswell
Date: Mon, 9 Feb 2015 10:42:28 -0500
Subject: [PATCH 3/3] TST : force pep8 version to be 1.5.7
---
 .travis.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.travis.yml b/.travis.yml
index 89591bc1122d..a925f86b7a34 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -21,7 +21,7 @@ matrix:
 env: BUILD_DOCS=true
 install:
- - pip install -q --use-mirrors nose python-dateutil numpy pep8 pyparsing pillow
+ - pip install -q --use-mirrors nose python-dateutil numpy pep8==1.5.7 pyparsing pillow
 - sudo apt-get update && sudo apt-get -qq install inkscape libav-tools mencoder
 # We use --no-install-recommends to avoid pulling in additional large latex docs that we don't need
 - if [[ $BUILD_DOCS == true ]]; then sudo apt-get install -qq --no-install-recommends dvipng texlive-latex-base texlive-latex-extra texlive-fonts-recommended graphviz; fi