19 lines
632 B
Plaintext
19 lines
632 B
Plaintext
$OpenBSD: patch-backend_dvi_mdvi-lib_dviread_c,v 1.1 2011/01/06 22:55:31 jasper Exp $
|
|
|
|
Security fixes for CVE-2010-2640, CVE-2010-2641, CVE-2010-2642, CVE-2010-2643.
|
|
Patch from upstream git: d4139205b010ed06310d14284e63114e88ec6de2.
|
|
|
|
--- backend/dvi/mdvi-lib/dviread.c.orig Wed Jul 14 09:54:39 2010
|
|
+++ backend/dvi/mdvi-lib/dviread.c Thu Jan 6 23:35:24 2011
|
|
@@ -1537,6 +1537,10 @@ int special(DviContext *dvi, int opcode)
|
|
Int32 arg;
|
|
|
|
arg = dugetn(dvi, opcode - DVI_XXX1 + 1);
|
|
+ if (arg <= 0) {
|
|
+ dvierr(dvi, _("malformed special length\n"));
|
|
+ return -1;
|
|
+ }
|
|
s = mdvi_malloc(arg + 1);
|
|
dread(dvi, s, arg);
|
|
s[arg] = 0;
|