Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 64439 Details for
Bug 100263
kde-base/{kdegraphics|kpdf} DoS from XPDF issue
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
post-3.3.1-kdegraphics-4.diff
post-3.3.1-kdegraphics-4.diff (text/plain), 1.75 KB, created by
Sune Kloppenborg Jeppesen (RETIRED)
on 2005-07-27 06:45:48 UTC
(
hide
)
Description:
post-3.3.1-kdegraphics-4.diff
Filename:
MIME Type:
Creator:
Sune Kloppenborg Jeppesen (RETIRED)
Created:
2005-07-27 06:45:48 UTC
Size:
1.75 KB
patch
obsolete
>Index: kpdf/fofi/FoFiTrueType.cc >=================================================================== >--- kpdf/fofi/FoFiTrueType.cc (revision 439182) >+++ kpdf/fofi/FoFiTrueType.cc (working copy) >@@ -1343,6 +1343,27 @@ > return; > } > >+ // make sure the loca table is sane (correct length and entries are >+ // in bounds) >+ i = seekTable("loca"); >+ if (tables[i].len < (nGlyphs + 1) * (locaFmt ? 4 : 2)) { >+ parsedOk = gFalse; >+ return; >+ } >+ for (j = 0; j <= nGlyphs; ++j) { >+ if (locaFmt) { >+ pos = (int)getU32BE(tables[i].offset + j*4, &parsedOk); >+ } else { >+ pos = getU16BE(tables[i].offset + j*2, &parsedOk); >+ } >+ if (pos < 0 || pos > len) { >+ parsedOk = gFalse; >+ } >+ } >+ if (!parsedOk) { >+ return; >+ } >+ > // read the post table > readPostTable(); > if (!parsedOk) { >Index: kpdf/xpdf/SplashOutputDev.cc >=================================================================== >--- kpdf/xpdf/SplashOutputDev.cc (revision 439182) >+++ kpdf/xpdf/SplashOutputDev.cc (working copy) >@@ -621,16 +621,19 @@ > } > break; > case fontTrueType: >- if (!(ff = FoFiTrueType::load(fileName->getCString()))) { >- goto err2; >+ if ((ff = FoFiTrueType::load(fileName->getCString()))) { >+ codeToGID = ((Gfx8BitFont *)gfxFont)->getCodeToGIDMap(ff); >+ n = 256; >+ delete ff; >+ } else { >+ codeToGID = NULL; >+ n = 0; > } >- codeToGID = ((Gfx8BitFont *)gfxFont)->getCodeToGIDMap(ff); >- delete ff; > if (!(fontFile = fontEngine->loadTrueTypeFont( > id, > fileName->getCString(), > fileName == tmpFileName, >- codeToGID, 256))) { >+ codeToGID, n))) { > error(-1, "Couldn't create a font for '%s'", > gfxFont->getName() ? gfxFont->getName()->getCString() > : "(unnamed)");
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 100263
:
64438
| 64439 |
64440
|
64960
|
64961
|
64962