From 0f455d05ca4a11a0d8283b0b43dcdf5824311914 Mon Sep 17 00:00:00 2001
From: Luigi Scarso <luigi.scarso@gmail.com>
Date: Sat, 12 Oct 2019 12:57:12 +0000
Subject: [PATCH] fixed pack_real using a local buffer

---
 source/texk/web2c/luatexdir/font/writecff.c   | 24 +++++++++++--------
 .../texk/web2c/luatexdir/luatex_svnversion.h  |  2 +-
 2 files changed, 15 insertions(+), 11 deletions(-)

diff --git a/source/texk/web2c/luatexdir/font/writecff.c b/source/texk/web2c/luatexdir/font/writecff.c
index 31a49bae0..808225975 100644
--- a/source/texk/web2c/luatexdir/font/writecff.c
+++ b/source/texk/web2c/luatexdir/font/writecff.c
@@ -1174,6 +1174,7 @@ static long pack_real(card8 * dest, long destlen, double value)
     long e;
     int i = 0, pos = 2;
     int res;
+    char local_work_buffer[WORK_BUFFER_SIZE]; 
 #define CFF_REAL_MAX_LEN 17
     if (destlen < 2)
         normal_error("cff","buffer overflow (6)");
@@ -1199,20 +1200,23 @@ static long pack_real(card8 * dest, long destlen, double value)
             e--;
         }
     }
-    res = sprintf(work_buffer, "%1.14g", value);
+    res = sprintf(local_work_buffer, "%1.14g", value);
+    if ( (dest>work_buffer) &&  (dest-((card8*)work_buffer))<(res+1)) {
+       normal_warning("cff","invalid real value to pack. Continuing, but the font looks wrong.");
+    }
     if (res<0)
         normal_error("cff","invalid conversion");
     if (res>CFF_REAL_MAX_LEN)
         res=CFF_REAL_MAX_LEN;
     for (i = 0; i < res; i++) {
         unsigned char ch = 0;
-        if (work_buffer[i] == '\0') {
+        if (local_work_buffer[i] == '\0') {
             /*tex In fact |res| should prevent this. */
             break;
-        } else if (work_buffer[i] == '.') {
+        } else if (local_work_buffer[i] == '.') {
             ch = 0x0a;
-        } else if (work_buffer[i] >= '0' && work_buffer[i] <= '9') {
-            ch = (unsigned char) (work_buffer[i] - '0');
+        } else if (local_work_buffer[i] >= '0' && local_work_buffer[i] <= '9') {
+            ch = (unsigned char) (local_work_buffer[i] - '0');
         } else {
             normal_error("cff","invalid character");
         }
@@ -1247,15 +1251,15 @@ static long pack_real(card8 * dest, long destlen, double value)
         pos++;
     }
     if (e != 0) {
-        sprintf(work_buffer, "%ld", e);
+        sprintf(local_work_buffer, "%ld", e);
         for (i = 0; i < CFF_REAL_MAX_LEN; i++) {
             unsigned char ch = 0;
-            if (work_buffer[i] == '\0') {
+            if (local_work_buffer[i] == '\0') {
                 break;
-            } else if (work_buffer[i] == '.') {
+            } else if (local_work_buffer[i] == '.') {
                 ch = 0x0a;
-            } else if (work_buffer[i] >= '0' && work_buffer[i] <= '9') {
-                ch = (unsigned char) (work_buffer[i] - '0');
+            } else if (local_work_buffer[i] >= '0' && local_work_buffer[i] <= '9') {
+                ch = (unsigned char) (local_work_buffer[i] - '0');
             } else {
                 normal_error("cff","invalid character");
             }
diff --git a/source/texk/web2c/luatexdir/luatex_svnversion.h b/source/texk/web2c/luatexdir/luatex_svnversion.h
index d5a9aac2e..b7cf4946d 100644
--- a/source/texk/web2c/luatexdir/luatex_svnversion.h
+++ b/source/texk/web2c/luatexdir/luatex_svnversion.h
@@ -1 +1 @@
-#define luatex_svn_revision 7193
+#define luatex_svn_revision 7194
-- 
GitLab