06de83c3cc
Prevent sign extension on integer promotion that leads to a buffer overflow. Minimal fix from upstream CVS. CVE-2006-2193. prodded by bernd@
33 lines
1.2 KiB
Plaintext
33 lines
1.2 KiB
Plaintext
$OpenBSD: patch-tools_tiff2pdf_c,v 1.1 2006/06/12 17:31:34 naddy Exp $
|
|
--- tools/tiff2pdf.c.orig Sun Jun 11 15:58:06 2006
|
|
+++ tools/tiff2pdf.c Sun Jun 11 16:00:21 2006
|
|
@@ -279,8 +279,8 @@ tsize_t t2p_sample_lab_signed_to_unsigne
|
|
tsize_t t2p_write_pdf_header(T2P*, TIFF*);
|
|
tsize_t t2p_write_pdf_obj_start(uint32, TIFF*);
|
|
tsize_t t2p_write_pdf_obj_end(TIFF*);
|
|
-tsize_t t2p_write_pdf_name(char*, TIFF*);
|
|
-tsize_t t2p_write_pdf_string(char*, TIFF*);
|
|
+tsize_t t2p_write_pdf_name(unsigned char*, TIFF*);
|
|
+tsize_t t2p_write_pdf_string(unsigned char*, TIFF*);
|
|
tsize_t t2p_write_pdf_stream(tdata_t, tsize_t, TIFF*);
|
|
tsize_t t2p_write_pdf_stream_start(TIFF*);
|
|
tsize_t t2p_write_pdf_stream_end(TIFF*);
|
|
@@ -3572,7 +3572,7 @@ tsize_t t2p_write_pdf_obj_end(TIFF* outp
|
|
This function writes a PDF name object to output.
|
|
*/
|
|
|
|
-tsize_t t2p_write_pdf_name(char* name, TIFF* output){
|
|
+tsize_t t2p_write_pdf_name(unsigned char* name, TIFF* output){
|
|
|
|
tsize_t written=0;
|
|
uint32 i=0;
|
|
@@ -3657,7 +3657,7 @@ tsize_t t2p_write_pdf_name(char* name, T
|
|
This function writes a PDF string object to output.
|
|
*/
|
|
|
|
-tsize_t t2p_write_pdf_string(char* pdfstr, TIFF* output){
|
|
+tsize_t t2p_write_pdf_string(unsigned char* pdfstr, TIFF* output){
|
|
|
|
tsize_t written=0;
|
|
uint32 i=0;
|