Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 135312 Details for
Bug 198238
app-text/tetex < 3.0_p1-r6 Multiple issues in dviljk and dvips (CVE-2007-{5935,5936,5937})
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
tetex-src-3.0-dvips_bufferoverflow.patch
tetex-src-3.0-dvips_bufferoverflow.patch (text/plain), 2.98 KB, created by
Robert Buchholz (RETIRED)
on 2007-11-06 03:29:40 UTC
(
hide
)
Description:
tetex-src-3.0-dvips_bufferoverflow.patch
Filename:
MIME Type:
Creator:
Robert Buchholz (RETIRED)
Created:
2007-11-06 03:29:40 UTC
Size:
2.98 KB
patch
obsolete
>hps.c (stamp_external, stamp_hps): protext against long strings. > From Bastien Roucaries via Norbert, 21 Oct 2007 13:22:19, > Debian bug 447081. > >Index: tetex-src-3.0/texk/dvipsk/hps.c >=================================================================== >--- tetex-src-3.0.orig/texk/dvipsk/hps.c >+++ tetex-src-3.0/texk/dvipsk/hps.c >@@ -441,19 +441,28 @@ int href_name_match P2C(char *, h, char > > void stamp_hps P1C(Hps_link *, pl) > { >- char tmpbuf[200] ; >+ char * tmpbuf; > if (pl == NULL) { >- error("Null pointer, oh no!") ; >+ error("stamp_hps: null pl pointer, oh no!") ; > return ; >- } else { >- /* print out the proper pdfm with local page info only >- * target info will be in the target dictionary */ >- (void)sprintf(tmpbuf, >- " (%s) [[%.0f %.0f %.0f %.0f] [%i %i %i [%i %i]] [%.0f %.0f %.0f]] pdfm ", pl->title, pl->rect.llx, pl->rect.lly, pl->rect.urx, pl->rect.ury, >- pl->border[0], pl->border[1], pl->border[2], pl->border[3],pl->border[4], >- pl->color[0], pl->color[1], pl->color[2]) ; >- cmdout(tmpbuf) ; >- } >+ } >+ if(pl->title == NULL) { >+ error("stamp_hps: null pl->title pointer, oh no!") ; >+ return ; >+ } >+ >+ tmpbuf = (char *) xmalloc(strlen(pl->title)+200); >+ >+ /* print out the proper pdfm with local page info only >+ * target info will be in the target dictionary */ >+ (void)sprintf(tmpbuf, >+ " (%s) [[%.0f %.0f %.0f %.0f] [%i %i %i [%i %i]] [%.0f %.0f %.0f]] pdfm ", >+ pl->title, pl->rect.llx, pl->rect.lly, pl->rect.urx, pl->rect.ury, >+ pl->border[0], pl->border[1], pl->border[2], pl->border[3],pl->border[4], >+ pl->color[0], pl->color[1], pl->color[2]) ; >+ cmdout(tmpbuf) ; >+ free(tmpbuf); >+ > > } > >@@ -462,18 +471,27 @@ void stamp_hps P1C(Hps_link *, pl) > */ > void stamp_external P2C(char *, s, Hps_link *, pl) > { >- char tmpbuf[200]; >+ char *tmpbuf; > if (pl == NULL) { >- error("Null pointer, oh no!") ; >+ error("stamp_external: null pl pointer, oh no!") ; > return ; >- } else { >- /* print out the proper pdfm with local page info only >- * target info will be in the target dictionary */ >- (void)sprintf(tmpbuf," [[%.0f %.0f %.0f %.0f] [%i %i %i [%i %i]] [%.0f %.0f %.0f]] (%s) pdfm ", pl->rect.llx, pl->rect.lly, pl->rect.urx, pl->rect.ury, >- pl->border[0], pl->border[1], pl->border[2], pl->border[3],pl->border[4], >- pl->color[0], pl->color[1], pl->color[2], s) ; >- cmdout(tmpbuf) ; >- } >+ } >+ >+ if (s == NULL) { >+ error("stamp_external: null s pointer, oh no!") ; >+ return ; >+ } >+ >+ tmpbuf = (char *) xmalloc(strlen(s) + 200); >+ >+ /* print out the proper pdfm with local page info only >+ * target info will be in the target dictionary */ >+ (void)sprintf(tmpbuf," [[%.0f %.0f %.0f %.0f] [%i %i %i [%i %i]] [%.0f %.0f %.0f]] (%s) pdfm ", >+ pl->rect.llx, pl->rect.lly, pl->rect.urx, pl->rect.ury, >+ pl->border[0], pl->border[1], pl->border[2], pl->border[3],pl->border[4], >+ pl->color[0], pl->color[1], pl->color[2], s) ; >+ cmdout(tmpbuf) ; >+ free(tmpbuf); > } > > void finish_hps P1H(void) {
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 198238
:
135310
| 135312