diff options
author | leot <leot@pkgsrc.org> | 2016-08-03 08:50:17 +0000 |
---|---|---|
committer | leot <leot@pkgsrc.org> | 2016-08-03 08:50:17 +0000 |
commit | fbbd78c90bfc6feb954905a3fd8b38469823b115 (patch) | |
tree | 0b4db5513a017df80515d63961a53e4e23b2eba7 /print/mupdf/patches | |
parent | c9b35b3b4dc154e5d91cadd9ccf742ecbeb5f24a (diff) | |
download | pkgsrc-fbbd78c90bfc6feb954905a3fd8b38469823b115.tar.gz |
Fix possible heap corruption (via upstream bug 696954).
Bump PKGREVISION
Diffstat (limited to 'print/mupdf/patches')
-rw-r--r-- | print/mupdf/patches/patch-source_pdf_pdf-shade.c | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/print/mupdf/patches/patch-source_pdf_pdf-shade.c b/print/mupdf/patches/patch-source_pdf_pdf-shade.c new file mode 100644 index 00000000000..15161742fef --- /dev/null +++ b/print/mupdf/patches/patch-source_pdf_pdf-shade.c @@ -0,0 +1,15 @@ +$NetBSD: patch-source_pdf_pdf-shade.c,v 1.1 2016/08/03 08:50:17 leot Exp $ + +Fix possible heap corruption vulnerability (via upstream bug 696954). + +--- source/pdf/pdf-shade.c.orig 2016-04-21 11:14:32.000000000 +0000 ++++ source/pdf/pdf-shade.c +@@ -206,7 +206,7 @@ pdf_load_mesh_params(fz_context *ctx, pd + obj = pdf_dict_get(ctx, dict, PDF_NAME_Decode); + if (pdf_array_len(ctx, obj) >= 6) + { +- n = (pdf_array_len(ctx, obj) - 4) / 2; ++ n = fz_mini(FZ_MAX_COLORS, (pdf_array_len(ctx, obj) - 4) / 2); + shade->u.m.x0 = pdf_to_real(ctx, pdf_array_get(ctx, obj, 0)); + shade->u.m.x1 = pdf_to_real(ctx, pdf_array_get(ctx, obj, 1)); + shade->u.m.y0 = pdf_to_real(ctx, pdf_array_get(ctx, obj, 2)); |