Add patch for the security vulnerability reported in CVE-2009-0196

taken from Redhat's Bugzilla.

1 files changed, 24 insertions, 0 deletions

diff --git a/print/ghostscript/patches/patch-aa b/print/ghostscript/patches/patch-aa
new file mode 100644
index 00000000000..1a7e7489722
--- /dev/null
+++ b/print/ghostscript/patches/patch-aa
@@ -0,0 +1,24 @@
+$NetBSD: patch-aa,v 1.4 2009/04/14 19:32:54 tron Exp $
+
+Patch for CVE-2009-0196 taken from Redhat's Bugzilla:
+
+https://bugzilla.redhat.com/attachment.cgi?id=337747
+
+--- jbig2dec/jbig2_symbol_dict.c.orig	2007-12-11 08:29:58.000000000 +0000
++++ jbig2dec/jbig2_symbol_dict.c	2009-04-14 20:19:01.000000000 +0100
+@@ -699,6 +699,15 @@
+         exrunlength = params->SDNUMEXSYMS;
+       else
+         code = jbig2_arith_int_decode(IAEX, as, &exrunlength);
++      if (exrunlength > params->SDNUMEXSYMS - j) {
++        jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number,
++          "runlength too large in export symbol table (%d > %d - %d)\n",
++          exrunlength, params->SDNUMEXSYMS, j);
++        jbig2_sd_release(ctx, SDEXSYMS);
++        /* skip to the cleanup code and return SDEXSYMS = NULL */
++        SDEXSYMS = NULL;
++        break;
++      }
+       for(k = 0; k < exrunlength; k++)
+         if (exflag) {
+           SDEXSYMS->glyphs[j++] = (i < m) ?