SOURCES: xpdf-CAN-2005-2097.patch (NEW) - fix for a DoS vulnerabil...
adamg
adamg at pld-linux.org
Tue Aug 16 10:29:10 CEST 2005
Author: adamg Date: Tue Aug 16 08:29:10 2005 GMT
Module: SOURCES Tag: HEAD
---- Log message:
- fix for a DoS vulnerability (CAN-2005-2097)
- release 10
---- Files affected:
SOURCES:
xpdf-CAN-2005-2097.patch (NONE -> 1.1) (NEW)
---- Diffs:
================================================================
Index: SOURCES/xpdf-CAN-2005-2097.patch
diff -u /dev/null SOURCES/xpdf-CAN-2005-2097.patch:1.1
--- /dev/null Tue Aug 16 10:29:10 2005
+++ SOURCES/xpdf-CAN-2005-2097.patch Tue Aug 16 10:29:05 2005
@@ -0,0 +1,57 @@
+--- xpdf-3.00/fofi/FoFiTrueType.cc (revision 439182)
++++ xpdf-3.00/fofi/FoFiTrueType.cc (working copy)
+@@ -1343,6 +1343,27 @@
+ return;
+ }
+
++ // make sure the loca table is sane (correct length and entries are
++ // in bounds)
++ i = seekTable("loca");
++ if (tables[i].len < (nGlyphs + 1) * (locaFmt ? 4 : 2)) {
++ parsedOk = gFalse;
++ return;
++ }
++ for (j = 0; j <= nGlyphs; ++j) {
++ if (locaFmt) {
++ pos = (int)getU32BE(tables[i].offset + j*4, &parsedOk);
++ } else {
++ pos = getU16BE(tables[i].offset + j*2, &parsedOk);
++ }
++ if (pos < 0 || pos > len) {
++ parsedOk = gFalse;
++ }
++ }
++ if (!parsedOk) {
++ return;
++ }
++
+ // read the post table
+ readPostTable();
+ if (!parsedOk) {
+--- xpdf-3.00/xpdf/SplashOutputDev.cc (revision 439182)
++++ xpdf-3.00/xpdf/SplashOutputDev.cc (working copy)
+@@ -621,16 +621,19 @@
+ }
+ break;
+ case fontTrueType:
+- if (!(ff = FoFiTrueType::load(fileName->getCString()))) {
+- goto err2;
++ if ((ff = FoFiTrueType::load(fileName->getCString()))) {
++ codeToGID = ((Gfx8BitFont *)gfxFont)->getCodeToGIDMap(ff);
++ n = 256;
++ delete ff;
++ } else {
++ codeToGID = NULL;
++ n = 0;
+ }
+- codeToGID = ((Gfx8BitFont *)gfxFont)->getCodeToGIDMap(ff);
+- delete ff;
+ if (!(fontFile = fontEngine->loadTrueTypeFont(
+ id,
+ fileName->getCString(),
+ fileName == tmpFileName,
+- codeToGID, 256))) {
++ codeToGID, n))) {
+ error(-1, "Couldn't create a font for '%s'",
+ gfxFont->getName() ? gfxFont->getName()->getCString()
+ : "(unnamed)");
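Review bot: In the FoFiTrueType.cc part of the added patch, the new range test `if (pos < 0 || pos > len)` compares each loca entry with `len`, which appears to be the length of the whole font buffer, whereas loca entries are offsets relative to the start of the glyf table. An entry can therefore pass this test and still point past the end of the glyf data, so a tighter bound would be the glyf table's own length, for example `k = seekTable("glyf");` followed by `if (pos < 0 || pos > tables[k].len)`, where `k` is a new local. The index `i` returned by `seekTable("loca")` is also used in `tables[i].len` with no not-found check visible in this hunk; unless the function already rejects fonts without a loca table before this point, add `if (i < 0) { parsedOk = gFalse; return; }` ahead of the length test. The enclosing function starts and ends outside the hunk, so both points should be confirmed against the full FoFiTrueType.cc.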
================================================================