SOURCES: gpdf-cve-2006-0301.patch (NEW) - security fix: CVE-2006-0...
psz
psz at pld-linux.org
Fri Feb 17 19:34:43 CET 2006
Author: psz Date: Fri Feb 17 18:34:43 2006 GMT
Module: SOURCES Tag: HEAD
---- Log message:
- security fix: CVE-2006-0301
- rel 4; STBR
---- Files affected:
SOURCES:
gpdf-cve-2006-0301.patch (NONE -> 1.1) (NEW)
---- Diffs:
================================================================
Index: SOURCES/gpdf-cve-2006-0301.patch
diff -u /dev/null SOURCES/gpdf-cve-2006-0301.patch:1.1
--- /dev/null Fri Feb 17 19:34:43 2006
+++ SOURCES/gpdf-cve-2006-0301.patch Fri Feb 17 19:34:38 2006
@@ -0,0 +1,37 @@
+--- gpdf-2.10.0/splash/Splash.cc.orig 2004-05-17 20:10:49.000000000 +0200
++++ gpdf-2.10.0/splash/Splash.cc 2006-02-17 19:30:17.000000000 +0100
+@@ -734,6 +734,10 @@
+ SplashMono1P *mono1;
+ SplashBGR8P *bgr8;
+
++ if ( (unsigned) x >= (unsigned) bitmap->getWidth() ||
++ (unsigned) y >= (unsigned) bitmap->getHeight())
++ return;
++
+ if (noClip || state->clip->test(x, y)) {
+ color = pattern->getColor(x, y);
+ switch (bitmap->mode) {
+@@ -773,6 +777,11 @@
+
+ n = x1 - x0 + 1;
+
++ if ((unsigned) x0 >= (unsigned) bitmap->getWidth() ||
++ (unsigned) x1 >= (unsigned) bitmap->getWidth() ||
++ (unsigned) y >= (unsigned) bitmap->getHeight())
++ return;
++
+ switch (bitmap->mode) {
+ case splashModeMono1:
+ mono1 = &bitmap->data.mono8[y * bitmap->rowSize + (x0 >> 3)];
+@@ -858,6 +867,11 @@
+
+ n = x1 - x0 + 1;
+
++ if ((unsigned) x0 >= (unsigned) bitmap->getWidth() ||
++ (unsigned) x1 >= (unsigned) bitmap->getWidth() ||
++ (unsigned) y >= (unsigned) bitmap->getHeight())
++ return;
++
+ switch (bitmap->mode) {
+ case splashModeMono1:
+ mono1 = &bitmap->data.mono8[y * bitmap->rowSize + (x0 >> 3)];
================================================================
More information about the pld-cvs-commit
mailing list