1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
|
$NetBSD: patch-ak,v 1.2 2012/01/10 19:21:16 drochner Exp $
CVE-2011-0764
--- lib/type1/lines.c.orig 2007-12-23 15:49:42.000000000 +0000
+++ lib/type1/lines.c
@@ -67,6 +67,10 @@ This module provides the following entry
None.
*/
+#define BITS (sizeof(LONG)*8)
+#define HIGHTEST(p) (((p)>>(BITS-2)) != 0) /* includes sign bit */
+#define TOOBIG(xy) ((xy < 0) ? HIGHTEST(-xy) : HIGHTEST(xy))
+
/*
:h2.StepLine() - Produces Run Ends for a Line After Checks
@@ -84,6 +88,9 @@ void StepLine(R, x1, y1, x2, y2)
IfTrace4((LineDebug > 0), ".....StepLine: (%d,%d) to (%d,%d)\n",
x1, y1, x2, y2);
+ if ( TOOBIG(x1) || TOOBIG(x2) || TOOBIG(y1) || TOOBIG(y2))
+ abort("Lines this big not supported", 49);
+
dy = y2 - y1;
/*
|
