Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 96254 Details for
Bug 145513
x11-base/xorg-x11 Integer overflow in CID parser (CVE-2006-37{39|40})
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
1.2.0-cid-overflows.patch
1.2.0-cid-overflows.patch (text/plain), 2.77 KB, created by
Donnie Berkholz (RETIRED)
on 2006-09-07 00:08:49 UTC
(
hide
)
Description:
1.2.0-cid-overflows.patch
Filename:
MIME Type:
Creator:
Donnie Berkholz (RETIRED)
Created:
2006-09-07 00:08:49 UTC
Size:
2.77 KB
patch
obsolete
>--- /usr/local/overlays/security/x11-libs/libXfont/files/1.2.0-cid-overflows.patch 2006-09-05 10:02:05.000000000 -0700 >+++ /home/donnie/libXfont.diff 2006-09-07 00:03:28.000000000 -0700 >@@ -1,17 +1,15 @@ >-diff --git a/src/Type1/afm.c b/src/Type1/afm.c >-index b8ce2d3..006ff3c 100644 >---- a/src/Type1/afm.c >-+++ b/src/Type1/afm.c >-@@ -37,6 +37,8 @@ #endif >- #include <X11/fonts/fontmisc.h> /* for xalloc/xfree */ >- #include "AFM.h" >- >+diff -u -r lib/font/Type1/afm.c.orig lib/font/Type1/afm.c >+--- lib/font/Type1/afm.c.orig 2006-09-05 21:38:13.000000000 +0200 >++++ lib/font/Type1/afm.c 2006-09-05 21:39:33.000000000 +0200 >+@@ -29,6 +29,7 @@ >+ #include <stdio.h> >+ #include <string.h> >+ #include <stdlib.h> > +#include <limits.h> >-+ >- #define PBUF 256 >- #define KBUF 20 >- >-@@ -118,6 +120,11 @@ int CIDAFM(FILE *fd, FontInfo **pfi) { >+ #else >+ #include "Xmd.h" /* For INT32 declaration */ >+ #include "Xdefs.h" /* For Bool */ >+@@ -118,6 +119,11 @@ > > fi->nChars = atoi(p); > >@@ -23,20 +21,18 @@ > fi->metrics = (Metrics *)xalloc(fi->nChars * > sizeof(Metrics)); > if (fi->metrics == NULL) { >-diff --git a/src/Type1/scanfont.c b/src/Type1/scanfont.c >-index 04e3fe2..bc3c244 100644 >---- a/src/Type1/scanfont.c >-+++ b/src/Type1/scanfont.c >-@@ -72,6 +72,8 @@ #include "objects.h" >- #include "spaces.h" >- #include "fontfcn.h" >- #include "blues.h" >-+ >+diff -u -r lib/font/Type1/scanfont.c.orig lib/font/Type1/scanfont.c >+--- lib/font/Type1/scanfont.c.orig 2006-09-05 21:38:13.000000000 +0200 >++++ lib/font/Type1/scanfont.c 2006-09-05 21:39:22.000000000 +0200 >+@@ -57,6 +57,7 @@ >+ >+ #ifndef FONTMODULE >+ #include <string.h> > +#include <limits.h> >- >- #if XFONT_CID >- #define CID_BUFSIZE 80 >-@@ -654,6 +656,7 @@ getFDArray(psobj *arrayP) >+ #else >+ #include "Xdefs.h" /* Bool declaration */ >+ #include "Xmd.h" /* INT32 declaration */ >+@@ -654,6 +655,7 @@ > arrayP->data.valueP = tokenStartP; > > /* allocate FDArray */ >@@ -44,7 +40,7 @@ > FDArrayP = (psfont *)vm_alloc(arrayP->len*(sizeof(psfont))); > if (!(FDArrayP)) return(SCAN_OUT_OF_MEMORY); > >-@@ -850,7 +853,8 @@ BuildSubrs(psfont *FontP) >+@@ -850,7 +852,8 @@ > } > return(SCAN_OK); > } >@@ -54,7 +50,7 @@ > arrayP = (psobj *)vm_alloc(N*sizeof(psobj)); > if (!(arrayP) ) return(SCAN_OUT_OF_MEMORY); > FontP->Subrs.len = N; >-@@ -911,7 +915,7 @@ BuildCharStrings(psfont *FontP) >+@@ -911,7 +914,7 @@ > } > else return(rc); /* if next token was not an Int */ > } >@@ -63,7 +59,7 @@ > /* save number of entries in the dictionary */ > > dictP = (psdict *)vm_alloc((N+1)*sizeof(psdict)); >-@@ -1719,6 +1723,10 @@ scan_cidfont(cidfont *CIDFontP, cmapres >+@@ -1719,6 +1722,10 @@ > if (tokenType == TOKEN_INTEGER) > rangecnt = tokenValue.integer; >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 145513
:
95407
|
96088
|
96089
|
96254
|
96271
|
96288
|
96295