19 lines
630 B
Plaintext
19 lines
630 B
Plaintext
Fix for CVE-2019-19555.
|
|
|
|
- Stack-based buffer overflow in read_textobject()
|
|
|
|
Upstream commit 19db5fe6f77ebad91af4b4ef0defd61bd0bb358f.
|
|
|
|
Index: fig2dev/read.c
|
|
--- fig2dev/read.c.orig
|
|
+++ fig2dev/read.c
|
|
@@ -1328,7 +1328,7 @@ read_textobject(FILE *fp)
|
|
If we do not find the CONTROL-A on this line then this must
|
|
be a multi-line text object and we will have to read more. */
|
|
|
|
- n = sscanf(buf,"%*d%d%d%lf%d%d%d%lf%d%lf%lf%d%d%[^\1]%[\1]",
|
|
+ n = sscanf(buf,"%*d%d%d%lf%d%d%d%lf%d%lf%lf%d%d%[^\1]%1[\1]",
|
|
&t->type, &t->font, &t->size, &t->pen,
|
|
&t->color, &t->depth, &t->angle,
|
|
&t->flags, &t->height, &t->length,
|