diff options
Diffstat (limited to 'x11/xorg-libs/patches/patch-cg')
| -rw-r--r-- | x11/xorg-libs/patches/patch-cg | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/x11/xorg-libs/patches/patch-cg b/x11/xorg-libs/patches/patch-cg new file mode 100644 index 00000000000..3e760ec4252 --- /dev/null +++ b/x11/xorg-libs/patches/patch-cg @@ -0,0 +1,27 @@ +$NetBSD: patch-cg,v 1.1.2.2 2006/09/16 10:27:05 salo Exp $ + +Fixes for CVE-2006-2006-3739 and CVE-2006-3740. + +--- lib/font/Type1/afm.c.orig 2006-09-13 14:17:16.000000000 +0200 ++++ lib/font/Type1/afm.c +@@ -29,6 +29,7 @@ + #include <stdio.h> + #include <string.h> + #include <stdlib.h> ++#include <limits.h> + #else + #include "Xmd.h" /* For INT32 declaration */ + #include "Xdefs.h" /* For Bool */ +@@ -118,6 +119,12 @@ int CIDAFM(FILE *fd, FontInfo **pfi) { + + fi->nChars = atoi(p); + ++ if (fi->nChars < 0 || fi->nChars > INT_MAX / sizeof(Metrics)) { ++ xfree(afmbuf); ++ xfree(fi); ++ return(1); ++ } ++ + fi->metrics = (Metrics *)xalloc(fi->nChars * + sizeof(Metrics)); + if (fi->metrics == NULL) { |