d472060283
Patches from upstream git.
$OpenBSD: patch-backend_dvi_mdvi-lib_tfmfile_c,v 1.1 2011/01/06 22:55:31 jasper Exp $
Security fixes for CVE-2010-2640, CVE-2010-2641, CVE-2010-2642, CVE-2010-2643.
Patch from upstream git: d4139205b010ed06310d14284e63114e88ec6de2.
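--- backend/dvi/mdvi-lib/tfmfile.c.orig Wed Jul 14 09:54:39 2010
+++ backend/dvi/mdvi-lib/tfmfile.c Thu Jan 6 23:35:24 2011
@@ -172,7 +172,8 @@ int tfm_load_file(const char *filename, TFMInfo *info)
 /* We read the entire TFM file into core */
 if(fstat(fileno(in), &st) < 0)
 return -1;
- if(st.st_size == 0)
+ /* according to the spec, TFM files are smaller than 16K */
+ if(st.st_size == 0 || st.st_size >= 16384)
 goto bad_tfm;
 
 /* allocate a word-aligned buffer to hold the file */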
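Review bot: The new upper bound in `if(st.st_size == 0 || st.st_size >= 16384)` is a bare literal, and the comment above it says "16K" without a unit. `st_size` is a byte count, whereas TFM header lengths are, as far as I recall, expressed in 4-byte words, so the comment should say which of the two the spec limit means. I would name the constant and state its purpose, e.g. `#define TFM_MAX_FILE_SIZE 16384 /* bytes; larger files are rejected before the buffer is sized */`, and test `st.st_size >= TFM_MAX_FILE_SIZE`. The cap presumably exists to keep the word-aligned buffer size computed just after this hunk bounded, and a comment saying so would mark the check as security-relevant. `tfm_load_file` starts and ends outside the hunk, so it cannot be seen here whether the length fields read from the file header are later checked against the number of bytes actually loaded.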