[bug #66052] Possible OVERRUN on two arrays in roff/troff

2024-08-01 Thread Lukas
Date: Thu 01 Aug 2024 08:51:26 AM UTC By: Lukas There are two possible overruns of the arrays in the src/roff/troff files. These defects were identified by SAST analyzers (combination of coverity, snyk, cppcheck, gcc

[bug #66076] [xditview] Unsafe string handling in xditview.c

2024-08-12 Thread Lukas
Date: Mon 12 Aug 2024 11:06:32 AM UTC By: Lukas There is unsafe string handling in the src/devices/xditview/xditview.c file. Since the "file_name" variable comes from the argu

[bug #66078] [refer] Typo in the array elements comparison in src/preproc/refer/ref.cpp

2024-08-12 Thread Lukas Javorsky
Date: Mon 12 Aug 2024 12:41:13 PM UTC By: Lukas Javorsky The for-loop that should compare the array's elements lacks the dereference for each individual element. These d

[bug #66079] [troff] Uninitialized variable used within add_char function in roff/troff/input.cpp

2024-08-12 Thread Lukas Javorsky
Date: Mon 12 Aug 2024 01:46:56 PM UTC By: Lukas Javorsky Using uninitialized variable "s" could cause undefined behavior. It's safer to initialize it to "

[bug #66080] [pic] Using uninitialized elements of the "place" structure in "place::follow" function

2024-08-12 Thread Lukas Javorsky
Date: Mon 12 Aug 2024 02:03:39 PM UTC By: Lukas Javorsky Using uninitialized elements "x" and "y" could cause undefined beh

[bug #66081] [troff] Possible accessing uninitialized array in env.cpp

2024-08-12 Thread Lukas Javorsky
Date: Mon 12 Aug 2024 02:19:21 PM UTC By: Lukas Javorsky In case `strtok` returns `null`, we break early from the for-loop before initializing any values to sizes. We then access uninitialized values

[bug #66080] [pic] Using uninitialized elements of the "place" structure in "place::follow" function

2024-08-13 Thread Lukas Javorsky
Additional Item Attachment, bug #66080 (group groff): File name: 0001-Initialize-x-and-y-elements-of-the-here-structure.second.patch Size: 1KiB AGPL NOTICE These attach

[bug #66080] [pic] Using uninitialized elements of the "place" structure in "place::follow" function

2024-08-13 Thread Lukas Javorsky
Follow-up Comment #1, bug #66080 (group groff): Added new patch as there is one more place where the same bug appears

[bug #66079] [troff] Uninitialized variable used within add_char function in roff/troff/input.cpp

2024-08-13 Thread Lukas Javorsky
Additional Item Attachment, bug #66079 (group groff): File name: 0001-Initialize-x-and-y-elements-of-the-here-structure.second.patch Size: 1KiB AGPL NOTICE These attach

[bug #66079] [troff] Uninitialized variable used within add_char function in roff/troff/input.cpp

2024-08-13 Thread Lukas Javorsky
Follow-up Comment #1, bug #66079 (group groff): Added a new patch (with .second) as there is one more occurrence of the same exact bug.

[bug #66079] [troff] uninitialized local `s` potentially used in `token::add_to_zero_width_node_list()`

2024-08-21 Thread Lukas Javorsky
Follow-up Comment #4, bug #66079 (group groff): Sorry, I attached the wrong .second patch. Now attaching the right one. (file #56372) ___ Additional Item Attachment: File name: 0005-Initialize-s-to-prevent-undefined-behavior.second.patch

[bug #66052] [troff] possible 1-byte stack overwrite, heap overread

2024-08-21 Thread Lukas Javorsky
Follow-up Comment #6, bug #66052 (group groff): Looking at the commit 568beeb2efed5299868585c9bf3c700413cf1a12, isn't there a typo where you made the change: - int num[WORD_MAX + 3]; + int num[WORD_MAX + 2 + 1]; Shouldn't it be: - int num[WORD_MAX + 3]; + int num
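
Review bot: in the quoted change to the declaration of num, WORD_MAX + 2 + 1 evaluates to the same size as WORD_MAX + 3, so the replacement line leaves the array length unchanged. If the commit was meant to resize the buffer, the constant needs to differ; if it was only meant to document the size, a comment on the declaration saying what the extra elements hold would make the bound checkable against the code that indexes num.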