diff options
Diffstat (limited to 'print/ghostscript/patches/patch-aa')
-rw-r--r-- | print/ghostscript/patches/patch-aa | 24 |
1 files changed, 0 insertions, 24 deletions
diff --git a/print/ghostscript/patches/patch-aa b/print/ghostscript/patches/patch-aa deleted file mode 100644 index 1a7e7489722..00000000000 --- a/print/ghostscript/patches/patch-aa +++ /dev/null @@ -1,24 +0,0 @@ -$NetBSD: patch-aa,v 1.4 2009/04/14 19:32:54 tron Exp $ - -Patch for CVE-2009-0196 taken from Redhat's Bugzilla: - -https://bugzilla.redhat.com/attachment.cgi?id=337747 - ---- jbig2dec/jbig2_symbol_dict.c.orig 2007-12-11 08:29:58.000000000 +0000 -+++ jbig2dec/jbig2_symbol_dict.c 2009-04-14 20:19:01.000000000 +0100 -@@ -699,6 +699,15 @@ - exrunlength = params->SDNUMEXSYMS; - else - code = jbig2_arith_int_decode(IAEX, as, &exrunlength); -+ if (exrunlength > params->SDNUMEXSYMS - j) { -+ jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, -+ "runlength too large in export symbol table (%d > %d - %d)\n", -+ exrunlength, params->SDNUMEXSYMS, j); -+ jbig2_sd_release(ctx, SDEXSYMS); -+ /* skip to the cleanup code and return SDEXSYMS = NULL */ -+ SDEXSYMS = NULL; -+ break; -+ } - for(k = 0; k < exrunlength; k++) - if (exflag) { - SDEXSYMS->glyphs[j++] = (i < m) ? |