rpms / texlive

Clone
Source Code
GIT

Blame SOURCES/texlive-20180414-CVE-2018-17407.patch

c4 c5 c5-plus c6 c6-plus c7 c7-aarch64 c7-alt c7-beta c7-ppc64le c8 c8-beta c8s c9 c9-beta
  1.   fcfc5898667702263831af99e49cf3068789f3f5
  2.   SOURCES
  3.   texlive-20180414-CVE-2018-17407.patch
Blob History Raw
fcfc58 
diff -up texlive-20180414/source/texk/dvipsk/writet1.c.CVE-2018-17407 texlive-20180414/source/texk/dvipsk/writet1.c
fcfc58 
--- texlive-20180414/source/texk/dvipsk/writet1.c.CVE-2018-17407	2018-09-26 08:37:29.964110003 +0100
fcfc58 
+++ texlive-20180414/source/texk/dvipsk/writet1.c	2018-09-26 08:38:06.454784619 +0100
fcfc58 
@@ -1449,7 +1449,9 @@ static void t1_check_unusual_charstring(
fcfc58 
         *(strend(t1_buf_array) - 1) = ' ';
fcfc58
fcfc58 
         t1_getline();
fcfc58 
+        alloc_array(t1_buf, strlen(t1_line_array) + strlen(t1_buf_array) + 1, T1_BUF_SIZE);
fcfc58 
         strcat(t1_buf_array, t1_line_array);
fcfc58 
+        alloc_array(t1_line, strlen(t1_buf_array) + 1, T1_BUF_SIZE);
fcfc58 
         strcpy(t1_line_array, t1_buf_array);
fcfc58 
         t1_line_ptr = eol(t1_line_array);
fcfc58 
     }
fcfc58 
diff -up texlive-20180414/source/texk/web2c/luatexdir/font/writet1.w.CVE-2018-17407 texlive-20180414/source/texk/web2c/luatexdir/font/writet1.w
fcfc58 
--- texlive-20180414/source/texk/web2c/luatexdir/font/writet1.w.CVE-2018-17407	2018-09-26 08:34:35.340880599 +0100
fcfc58 
+++ texlive-20180414/source/texk/web2c/luatexdir/font/writet1.w	2018-09-26 08:35:45.992187544 +0100
fcfc58 
@@ -1624,8 +1624,10 @@ static void t1_check_unusual_charstring(
fcfc58 
     /* if no number follows "/CharStrings", let's read the next line */
fcfc58 
     if (sscanf(p, "%i", &i) != 1) {
fcfc58 
         strcpy(t1_buf_array, t1_line_array);
fcfc58 
+        alloc_array(t1_buf, strlen(t1_line_array) + strlen(t1_buf_array) + 1, T1_BUF_SIZE);
fcfc58 
         t1_getline();
fcfc58 
         strcat(t1_buf_array, t1_line_array);
fcfc58 
+        alloc_array(t1_line, strlen(t1_buf_array) + 1, T1_BUF_SIZE);
fcfc58 
         strcpy(t1_line_array, t1_buf_array);
fcfc58 
         t1_line_ptr = eol(t1_line_array);
fcfc58 
     }
fcfc58 
diff -up texlive-20180414/source/texk/web2c/pdftexdir/writet1.c.CVE-2018-17407 texlive-20180414/source/texk/web2c/pdftexdir/writet1.c
fcfc58 
--- texlive-20180414/source/texk/web2c/pdftexdir/writet1.c.CVE-2018-17407	2018-09-26 08:36:06.382564736 +0100
fcfc58 
+++ texlive-20180414/source/texk/web2c/pdftexdir/writet1.c	2018-09-26 08:37:12.213781850 +0100
fcfc58 
@@ -1598,7 +1598,9 @@ static void t1_check_unusual_charstring(
fcfc58 
         *(strend(t1_buf_array) - 1) = ' ';
fcfc58
fcfc58 
         t1_getline();
fcfc58 
+        alloc_array(t1_buf, strlen(t1_line_array) + strlen(t1_buf_array) + 1, T1_BUF_SIZE);
fcfc58 
         strcat(t1_buf_array, t1_line_array);
fcfc58 
+        alloc_array(t1_line, strlen(t1_buf_array) + 1, T1_BUF_SIZE);
fcfc58 
         strcpy(t1_line_array, t1_buf_array);
fcfc58 
         t1_line_ptr = eol(t1_line_array);
fcfc58 
     }

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation