SOURCES: xpdf-cve-2006-0301.patch (NEW) - security fix: CVE-2006-0...

psz psz at pld-linux.org
Fri Feb 17 17:51:03 CET 2006 

Author: psz                          Date: Fri Feb 17 16:51:03 2006 GMT
Module: SOURCES                       Tag: HEAD
---- Log message:
- security fix: CVE-2006-0301
- rel 4; STBR

---- Files affected:
SOURCES:
   xpdf-cve-2006-0301.patch (NONE -> 1.1)  (NEW)

---- Diffs:

================================================================
Index: SOURCES/xpdf-cve-2006-0301.patch
diff -u /dev/null SOURCES/xpdf-cve-2006-0301.patch:1.1
--- /dev/null	Fri Feb 17 17:51:03 2006
+++ SOURCES/xpdf-cve-2006-0301.patch	Fri Feb 17 17:50:57 2006
@@ -0,0 +1,39 @@
+Index: xpdf/splash/Splash.cc
+===================================================================
+--- xpdf/splash/Splash.cc	(revision 498958)
++++ xpdf/splash/Splash.cc	(working copy)
+@@ -928,6 +928,10 @@ void Splash::drawPixel(int x, int y, Spl
+   int alpha2, ialpha2;
+   Guchar t;
+ 
++  if ( (unsigned) x >= (unsigned) bitmap->getWidth() ||
++       (unsigned) y >= (unsigned) bitmap->getHeight())
++    return;
++
+   if (noClip || state->clip->test(x, y)) {
+     if (alpha != 1 || softMask || state->blendFunc) {
+       blendFunc = state->blendFunc ? state->blendFunc : &blendNormal;
+@@ -1195,6 +1199,11 @@ void Splash::drawSpan(int x0, int x1, in
+     updateModY(y);
+   }
+ 
++  if ((unsigned) x0 >= (unsigned) bitmap->getWidth() ||
++      (unsigned) x1 >= (unsigned) bitmap->getWidth() ||
++      (unsigned) y >= (unsigned) bitmap->getHeight())
++    return;
++
+   if (alpha != 1 || softMask || state->blendFunc) {
+     blendFunc = state->blendFunc ? state->blendFunc : &blendNormal;
+     if (softMask) {
+@@ -1825,6 +1834,11 @@ void Splash::xorSpan(int x0, int x1, int
+     updateModY(y);
+   }
+ 
++  if ((unsigned) x0 >= (unsigned) bitmap->getWidth() ||
++      (unsigned) x1 >= (unsigned) bitmap->getWidth() ||
++      (unsigned) y >= (unsigned) bitmap->getHeight())
++    return;
++
+   switch (bitmap->mode) {
+   case splashModeMono1:
+     p = &bitmap->data[y * bitmap->rowSize + (x0 >> 3)];
================================================================

More information about the pld-cvs-commit mailing list