author | tron <tron@pkgsrc.org> | 2009-04-14 19:32:54 +0000 |
---|---|---|
committer | tron <tron@pkgsrc.org> | 2009-04-14 19:32:54 +0000 |
commit | cb13421cf9121023d6a372b89cf6852a8a18f778 (patch) | |
tree | 8d5e4de3aa2be476a264c65501c051b186fa3487 /print/ghostscript/patches | |
parent | a6ca85049fede56d2832b611f65689eb970f4853 (diff) | |
download | pkgsrc-cb13421cf9121023d6a372b89cf6852a8a18f778.tar.gz |
Add patch for the security vulnerability reported in CVE-2009-0196
taken from Redhat's Bugzilla.
Diffstat (limited to 'print/ghostscript/patches')
-rw-r--r-- | print/ghostscript/patches/patch-aa | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/print/ghostscript/patches/patch-aa b/print/ghostscript/patches/patch-aa
new file mode 100644
index 00000000000..1a7e7489722
--- /dev/null
+++ b/print/ghostscript/patches/patch-aa
@@ -0,0 +1,24 @@
+$NetBSD: patch-aa,v 1.4 2009/04/14 19:32:54 tron Exp $
+
+Patch for CVE-2009-0196 taken from Redhat's Bugzilla:
+
+https://bugzilla.redhat.com/attachment.cgi?id=337747
+
+--- jbig2dec/jbig2_symbol_dict.c.orig 2007-12-11 08:29:58.000000000 +0000
++++ jbig2dec/jbig2_symbol_dict.c 2009-04-14 20:19:01.000000000 +0100
+@@ -699,6 +699,15 @@
+ exrunlength = params->SDNUMEXSYMS;
+ else
+ code = jbig2_arith_int_decode(IAEX, as, &exrunlength);
++ if (exrunlength > params->SDNUMEXSYMS - j) {
++ jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number,
++ "runlength too large in export symbol table (%d > %d - %d)\n",
++ exrunlength, params->SDNUMEXSYMS, j);
++ jbig2_sd_release(ctx, SDEXSYMS);
++ /* skip to the cleanup code and return SDEXSYMS = NULL */
++ SDEXSYMS = NULL;
++ break;
++ }
+ for(k = 0; k < exrunlength; k++)
+ if (exflag) {
+ SDEXSYMS->glyphs[j++] = (i < m) ? |
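Review bot: The added guard bounds only the write index `j` into `SDEXSYMS->glyphs`; the read index `i` tested in `(i < m) ?` on the last line of the hunk is advanced by the same run length and is not limited anywhere on the visible lines, so an out-of-range read from the input or new symbol arrays may remain unless code outside the hunk prevents it. The result `code` of `jbig2_arith_int_decode` is assigned but not examined before `exrunlength` is compared, and a negative `exrunlength` is not rejected explicitly; I would tighten the condition to `if (exrunlength < 0 || exrunlength > params->SDNUMEXSYMS - j) {` and add a matching limit for `i` against the total number of input plus new symbols. The check also runs when `exflag` is false, where the visible loop does not write to `glyphs`, so it may reject runs that only skip symbols; that is worth confirming against the specification. The loop body and the cleanup code the comment refers to lie outside the hunk, so these points need checking against the full function.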