ALT Linux Bugzilla
– Attachment 1292 Details for
Bug 8632
SECURITY problems: CAN-2005-2097, CVE-2005-319[1-3]
New bug
|
Search
|
[?]
|
Help
Register
|
Log In
[x]
|
Forgot Password
Login:
[x]
|
EN
|
RU
[patch]
CAN-2005-2097.patch
01_CAN-2005-2097.patch (text/plain), 1.86 KB, created by
Vladimir Lettiev
on 2005-12-13 10:07:16 MSK
(
hide
)
Description:
CAN-2005-2097.patch
Filename:
MIME Type:
Creator:
Vladimir Lettiev
Created:
2005-12-13 10:07:16 MSK
Size:
1.86 KB
patch
obsolete
>diff -Nur poppler-0.3.3/fofi/FoFiTrueType.cc poppler-0.3.3.new/fofi/FoFiTrueType.cc >--- poppler-0.3.3/fofi/FoFiTrueType.cc 2005-03-03 20:45:58.000000000 +0100 >+++ poppler-0.3.3.new/fofi/FoFiTrueType.cc 2005-08-09 13:02:26.000000000 +0200 >@@ -1343,6 +1343,27 @@ > return; > } > >+ // make sure the loca table is sane (correct length and entries are >+ // in bounds) >+ i = seekTable("loca"); >+ if (tables[i].len < (nGlyphs + 1) * (locaFmt ? 4 : 2)) { >+ parsedOk = gFalse; >+ return; >+ } >+ for (j = 0; j <= nGlyphs; ++j) { >+ if (locaFmt) { >+ pos = (int)getU32BE(tables[i].offset + j*4, &parsedOk); >+ } else { >+ pos = getU16BE(tables[i].offset + j*2, &parsedOk); >+ } >+ if (pos < 0 || pos > len) { >+ parsedOk = gFalse; >+ } >+ } >+ if (!parsedOk) { >+ return; >+ } >+ > // read the post table > readPostTable(); > if (!parsedOk) { >diff -Nur poppler-0.3.3/poppler/SplashOutputDev.cc poppler-0.3.3.new/poppler/SplashOutputDev.cc >--- poppler-0.3.3/poppler/SplashOutputDev.cc 2005-03-03 20:46:01.000000000 +0100 >+++ poppler-0.3.3.new/poppler/SplashOutputDev.cc 2005-08-09 13:02:26.000000000 +0200 >@@ -623,16 +623,19 @@ > } > break; > case fontTrueType: >- if (!(ff = FoFiTrueType::load(fileName->getCString()))) { >- goto err2; >+ if ((ff = FoFiTrueType::load(fileName->getCString()))) { >+ codeToGID = ((Gfx8BitFont *)gfxFont)->getCodeToGIDMap(ff); >+ n = 256; >+ delete ff; >+ } else { >+ codeToGID = NULL; >+ n = 0; > } >- codeToGID = ((Gfx8BitFont *)gfxFont)->getCodeToGIDMap(ff); >- delete ff; > if (!(fontFile = fontEngine->loadTrueTypeFont( > id, > fileName->getCString(), > fileName == tmpFileName, >- codeToGID, 256))) { >+ codeToGID, n))) { > error(-1, "Couldn't create a font for '%s'", > gfxFont->getName() ? gfxFont->getName()->getCString() > : "(unnamed)");
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=1292">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 8632
: 1292 |
1293
