• Bug#1104462: ttfdump undocumentedly clobbers file specified by argv[2]

    From Simon Tatham@21:1/5 to All on Wed Apr 30 18:20:01 2025
    Package: texlive-binaries
    Version: 2024.20240313.70630+ds-6

    I had four TrueType font files, and I wanted to dump all four of them
    and grep out some information about their metrics, so I did this, on the reasonable assumption that trying to dump more than one font file at a
    time would either concatenate the dumps of all of them, or complain
    about bad command-line syntax, and in the latter case I could do it
    again the long way round:

    $ ttfdump *.ttf | grep stuff

    This produced no output and no error message, and turned out to have overwritten the second of my four font files with the full textual dump
    of the first. Apparently, if ttfdump receives more than one positional argument, the second one is treated as an output file, and as far as I
    can see the third and fourth are completely ignored.

    This behaviour isn't documented in the man page. That mentions the -o
    option for specifying an output file (which also works), but not the
    fact that an output file name can be given as a second positional
    argument instead of using -o. However, the brief usage message from
    running 'ttfdump' without arguments does mention it:

    ttfdump 0.5.5 (TeX Live 2025/dev)
    Usage: ttfdump ttfname dumpname [options]

    Admittedly, if this _had_ been documented in the man page, it wouldn't
    have saved me, because I didn't check the man page before trying the
    dump tool on multiple input files. So I'm tempted to suggest removing
    the 'infile outfile' syntax completely, and living with the backwards compatibility hit, because I think there's an argument that diagnostic
    tools like this ought to make it difficult to accidentally destroy
    useful data!

    Since I was trying to dump four font files rather than two, what _would_
    have saved me on this occasion is if ttfdump had objected to seeing
    _more_ than two positional arguments, and stopped with an error rather
    than proceeding anyway.

    Cheers,
    Simon

    --
    import hashlib; print((lambda p,q,g,y,r,s,m: (lambda w:(pow(g,int(hashlib.sha1( m.encode('ascii')).hexdigest(),16)*w%q,p)*pow(y,r*w%q,p)%p)%q)(pow(s,q-2,q))==r and s%q!=0 and m)(12342649995480866419, 2278082317364501, 1670428356600652640, 5398151833726432125, 645223105888478, 1916678356240619, "<anakin@pobox.com>"))

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Norbert Preining@21:1/5 to All on Thu May 1 01:30:01 2025
    Hi Karl, hi all,

    bug report in Debian, but that might be a good idea to warn if excessive arguments are given, or the dump output (second file argument) is
    already present.

    Also, the man page does not list that
    ttfdump -o OUTPUT TTF
    is the same as
    ttfdump TTF OUTPUT

    It is a bit confusing I admit.

    Best regards

    Norbert

    ----- Forwarded message from Simon Tatham <anakin@pobox.com> -----
    I had four TrueType font files, and I wanted to dump all four of them
    and grep out some information about their metrics, so I did this, on the reasonable assumption that trying to dump more than one font file at a
    time would either concatenate the dumps of all of them, or complain
    about bad command-line syntax, and in the latter case I could do it
    again the long way round:

    $ ttfdump *.ttf | grep stuff

    This produced no output and no error message, and turned out to have overwritten the second of my four font files with the full textual dump
    of the first. Apparently, if ttfdump receives more than one positional argument, the second one is treated as an output file, and as far as I
    can see the third and fourth are completely ignored.
    [...]
    ----- End forwarded message -----

    --
    PREINING Norbert https://www.preining.info
    arXiv / Cornell University + IFMGA Guide + TU Wien + TeX Live
    GPG: 0x860CDC13 fp: F7D8 A928 26E3 16A1 9FA0 ACF0 6CAC A448 860C DC13

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)