Gentoo's Bugzilla – Attachment 152827 Details for
Bug 221297
arbitrary code execution through crafted font object (CVE-2008-1693)
[patch]
40_pdf2-embedded-font-fixes.diff
40_pdf2-embedded-font-fixes.diff (text/plain), 4.60 KB, created by
Peter Alfredsen (RETIRED)
on 2008-05-11 09:48:45 UTC
Description:
40_pdf2-embedded-font-fixes.diff
Filename:
MIME Type:
Creator:
Peter Alfredsen (RETIRED)
Created:
2008-05-11 09:48:45 UTC
Size:
4.60 KB
>diff -Nur -x '*.orig' -x '*~' koffice-1.6.3/filters/kword/pdf/xpdf/xpdf/Object.h koffice-1.6.3.new/filters/kword/pdf/xpdf/xpdf/Object.h
>--- koffice-1.6.3/filters/kword/pdf/xpdf/xpdf/Object.h 2007-05-30 14:39:18.000000000 -0700
>+++ koffice-1.6.3.new/filters/kword/pdf/xpdf/xpdf/Object.h 2008-04-15 14:06:35.000000000 -0700
>@@ -68,17 +68,18 @@
> //------------------------------------------------------------------------
>
> #ifdef DEBUG_MEM
>-#define initObj(t) ++numAlloc[type = t]
>+#define initObj(t) zeroUnion(); ++numAlloc[type = t]
> #else
>-#define initObj(t) type = t
>+#define initObj(t) zeroUnion(); type = t
> #endif
>
> class Object {
> public:
>-
>+ // attempt to clear the anonymous union
>+ void zeroUnion() { this->name = NULL; }
> // Default constructor.
> Object():
>- type(objNone) {}
>+ type(objNone) { zeroUnion(); }
>
> // Initialize an object.
> Object *initBool(GBool boolnA)
>@@ -219,16 +220,16 @@
> #include "Array.h"
>
> inline int Object::arrayGetLength()
>- { return array->getLength(); }
>+ { if (type != objArray) return 0; return array->getLength(); }
>
> inline void Object::arrayAdd(Object *elem)
>- { array->add(elem); }
>+ { if (type == objArray) array->add(elem); }
>
> inline Object *Object::arrayGet(int i, Object *obj)
>- { return array->get(i, obj); }
>+ { if (type != objArray) return obj->initNull(); return array->get(i, obj); }
>
> inline Object *Object::arrayGetNF(int i, Object *obj)
>- { return array->getNF(i, obj); }
>+ { if (type != objArray) return obj->initNull(); return array->getNF(i, obj); }
>
> //------------------------------------------------------------------------
> // Dict accessors.
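Review bot: The rewritten `initObj(t)` macro in the first hunk now expands to two statements, so any use under an unbraced `if` or `else` would make only `zeroUnion()` conditional while the `type` assignment always runs. A single expression avoids that: `#define initObj(t) (zeroUnion(), type = t)` and, under DEBUG_MEM, `#define initObj(t) (zeroUnion(), ++numAlloc[type = t])`. `zeroUnion()` also writes only the `name` member, so if the union has members wider than a pointer (its definition is outside the hunk) those are not fully cleared; the comment could say so, for example `// clears only the pointer-sized member; wider union members are not fully zeroed`. The class body continues outside the hunk.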
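Review bot: The type guards added to the array accessors in the second hunk change their contract without documenting it. On a mismatch `arrayGetLength()` returns 0, `arrayAdd()` silently drops the element, and `arrayGet()`/`arrayGetNF()` hand back a null object, so a malformed document now looks the same as an empty array to the caller. A comment above the block would make that explicit, for example `// Accessors are safe on a type mismatch: they do nothing or return 0 / a null Object instead of touching the union.` The dict and stream accessors in the two later hunks need the same remark.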
>@@ -237,31 +238,31 @@
> #include "Dict.h"
>
> inline int Object::dictGetLength()
>- { return dict->getLength(); }
>+ { if (type != objDict) return 0; return dict->getLength(); }
>
> inline void Object::dictAdd(char *key, Object *val)
>- { dict->add(key, val); }
>+ { if (type == objDict) dict->add(key, val); }
>
> inline GBool Object::dictIs(const char *dictType)
>- { return dict->is(dictType); }
>+ { return (type == objDict) && dict->is(dictType); }
>
> inline GBool Object::isDict(const char *dictType)
>- { return type == objDict && dictIs(dictType); }
>+ { return (type == objDict) && dictIs(dictType); }
>
> inline Object *Object::dictLookup(const char *key, Object *obj)
>- { return dict->lookup(key, obj); }
>+ { if (type != objDict) return obj->initNull(); return dict->lookup(key, obj); }
>
> inline Object *Object::dictLookupNF(const char *key, Object *obj)
>- { return dict->lookupNF(key, obj); }
>+ { if (type != objDict) return obj->initNull(); return dict->lookupNF(key, obj); }
>
> inline char *Object::dictGetKey(int i)
>- { return dict->getKey(i); }
>+ { if (type != objDict) return NULL; return dict->getKey(i); }
>
> inline Object *Object::dictGetVal(int i, Object *obj)
>- { return dict->getVal(i, obj); }
>+ { if (type != objDict) return obj->initNull(); return dict->getVal(i, obj); }
>
> inline Object *Object::dictGetValNF(int i, Object *obj)
>- { return dict->getValNF(i, obj); }
>+ { if (type != objDict) return obj->initNull(); return dict->getValNF(i, obj); }
>
> //------------------------------------------------------------------------
> // Stream accessors.
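Review bot: `dictGetKey()` now returns `NULL` when the object is not a dictionary, which moves the failure to any caller that dereferences the result or passes it straight to a string function. Those call sites are outside this patch, so they would need an audit before this guard can be relied on. The same holds for `streamGetDict()` and `streamGetLine()` in the next hunk, where chaining a call on the returned pointer would turn the type-confused access into a null dereference. That is a safer failure than reading the wrong union member, but it is still a crash on crafted input unless the callers check the pointer.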
>@@ -270,33 +271,33 @@
> #include "Stream.h"
>
> inline GBool Object::streamIs(const char *dictType)
>- { return stream->getDict()->is(dictType); }
>+ { return (type == objStream) && stream->getDict()->is(dictType); }
>
> inline GBool Object::isStream(const char *dictType)
>- { return type == objStream && streamIs(dictType); }
>+ { return (type == objStream) && streamIs(dictType); }
>
> inline void Object::streamReset()
>- { stream->reset(); }
>+ { if (type == objStream) stream->reset(); }
>
> inline void Object::streamClose()
>- { stream->close(); }
>+ { if (type == objStream) stream->close(); }
>
> inline int Object::streamGetChar()
>- { return stream->getChar(); }
>+ { if (type != objStream) return EOF; return stream->getChar(); }
>
> inline int Object::streamLookChar()
>- { return stream->lookChar(); }
>+ { if (type != objStream) return EOF; return stream->lookChar(); }
>
> inline char *Object::streamGetLine(char *buf, int size)
>- { return stream->getLine(buf, size); }
>+ { if (type != objStream) return NULL; return stream->getLine(buf, size); }
>
> inline Guint Object::streamGetPos()
>- { return stream->getPos(); }
>+ { if (type != objStream) return 0; return stream->getPos(); }
>
> inline void Object::streamSetPos(Guint pos, int dir)
>- { stream->setPos(pos, dir); }
>+ { if (type == objStream) stream->setPos(pos, dir); }
>
> inline Dict *Object::streamGetDict()
>- { return stream->getDict(); }
>+ { if (type != objStream) return NULL; return stream->getDict(); }
>
> #endif