
security patch regarding CAN-2005-2097 ("loca" table verification)

Christoph Schug 20 gadi atpakaļ
vecāks
revīzija
afedafe78a
2 mainītis faili ar 59 papildinājumiem un 0 dzēšanām
  1. 57 0
      xpdf/xpdf.patch
  2. 2 0
      xpdf/xpdf.spec

+ 57 - 0
xpdf/xpdf.patch

@@ -0,0 +1,57 @@
+--- xpdf-3.00/xpdf/SplashOutputDev.cc
++++ xpdf-3.00/xpdf/SplashOutputDev.cc
+@@ -621,16 +621,19 @@
+       }
+       break;
+     case fontTrueType:
+-      if (!(ff = FoFiTrueType::load(fileName->getCString()))) {
+-	goto err2;
++      if ((ff = FoFiTrueType::load(fileName->getCString()))) {
++	codeToGID = ((Gfx8BitFont *)gfxFont)->getCodeToGIDMap(ff);
++	n = 256;
++	delete ff;
++      } else {
++	codeToGID = NULL;
++	n = 0;
+       }
+-      codeToGID = ((Gfx8BitFont *)gfxFont)->getCodeToGIDMap(ff);
+-      delete ff;
+       if (!(fontFile = fontEngine->loadTrueTypeFont(
+ 			   id,
+ 			   fileName->getCString(),
+ 			   fileName == tmpFileName,
+-			   codeToGID, 256))) {
++			   codeToGID, n))) {
+ 	error(-1, "Couldn't create a font for '%s'",
+ 	      gfxFont->getName() ? gfxFont->getName()->getCString()
+ 	                         : "(unnamed)");
+--- xpdf-3.00/fofi/FoFiTrueType.cc
++++ xpdf-3.00/fofi/FoFiTrueType.cc
+@@ -1343,6 +1343,27 @@
+     return;
+   }
+ 
++  // make sure the loca table is sane (correct length and entries are
++  // in bounds)
++  i = seekTable("loca");
++  if (tables[i].len < (nGlyphs + 1) * (locaFmt ? 4 : 2)) {
++    parsedOk = gFalse;
++    return;
++  }
++  for (j = 0; j <= nGlyphs; ++j) {
++    if (locaFmt) {
++      pos = (int)getU32BE(tables[i].offset + j*4, &parsedOk);
++    } else {
++      pos = getU16BE(tables[i].offset + j*2, &parsedOk);
++    }
++    if (pos < 0 || pos > len) {
++      parsedOk = gFalse;
++    }
++  }
++  if (!parsedOk) {
++    return;
++  }
++
+   // read the post table
+   readPostTable();
+   if (!parsedOk) {
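Review bot: In the FoFiTrueType.cc part of the patch, the new loop only compares each loca entry with `len`, which is not declared in this hunk and is presumably the length of the whole font buffer, so it does not show that an entry stays inside the glyf table. For the short format (`locaFmt` == 0) the TrueType format stores the offset divided by two, so the raw `getU16BE` value is what gets checked rather than the real offset. I would bound the scaled value by the glyf table instead, e.g. `g = seekTable("glyf");` and `if (pos < 0 || (locaFmt ? pos : 2 * pos) > tables[g].len) parsedOk = gFalse;`, or at least state in the comment that only a coarse file-length bound is enforced. The result of `seekTable("loca")` is also used as an index without a check; unless the enclosing function, which starts and ends outside the hunk, already rejects fonts lacking that table, add `if (i < 0) { parsedOk = gFalse; return; }` before the length test.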

+ 2 - 0
xpdf/xpdf.spec

@@ -44,6 +44,7 @@ Source0:      ftp://ftp.foolabs.com/pub/xpdf/xpdf-%{V_base}.tar.gz
 Patch0:       ftp://ftp.foolabs.com/pub/xpdf/xpdf-%{V_base}pl1.patch
 Patch1:       ftp://ftp.foolabs.com/pub/xpdf/xpdf-%{V_base}pl2.patch
 Patch2:       ftp://ftp.foolabs.com/pub/xpdf/xpdf-%{V_base}pl3.patch
+Patch3:       xpdf.patch
 
 #   build information
 Prefix:       %{l_prefix}
@@ -74,6 +75,7 @@ AutoReqProv:  no
 %prep
     %setup -q -n xpdf-%{V_base}
     %patch -p0 -d xpdf -P 0 1 2
+    %patch -p1 -P 3
 
 %build
     CC="%{l_cc}" \