Package: xdvik-ja
Version: 22.87.05+j1.42-2
Severity: normal
Tags: patch
Dear Maintainer,
xdvik-ja has use-after-free bug. For details, see the patch below.
diff -ru xdvik-ja-22.87.05+j1.42.orig/texk/xdvik/ft2.c
xdvik-ja-22.87.05+j1.42/texk/xdvik/ft2.c
--- xdvik-ja-22.87.05+j1.42.orig/texk/xdvik/ft2.c 2022-01-08
21:31:22.000000000 +0900
+++ xdvik-ja-22.87.05+j1.42/texk/xdvik/ft2.c 2022-01-08 21:32:25.059932304
+0900
@@ -137,11 +137,12 @@
memset(font, 0, sizeof(*font));
ft_error = FT_New_Face(library, fontpath, map->face_index, &font->face);
- free(fontpath);
if (ft_error != 0) {
XDVI_WARNING(( stderr, "FreeType2: Open Font Error (%s). "
"Error code = %d \n", fontpath, ft_error ));
+ free(fontpath);
} else {
+ free(fontpath);
font->encoding = map->encoding;
if (map->encoding == ENC_JIS_V || map->encoding == ENC_UNICODE_V) {
font->ft2vert = ft2vert_init(font->face);
-- System Information:
Debian Release: 11.2
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 5.14.0-0.bpo.2-amd64 (SMP w/2 CPU threads)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/bash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages xdvik-ja depends on:
ii fontconfig 2.13.1-4.2
ii fonts-ipaexfont-gothic [fonts-japanese-gothic] 00401-3
ii fonts-ipaexfont-mincho [fonts-japanese-mincho] 00401-3
ii fonts-ipafont-gothic [fonts-japanese-gothic] 00303-21
ii fonts-ipafont-mincho [fonts-japanese-mincho] 00303-21
ii fonts-vlgothic [fonts-japanese-gothic] 20200720-1
ii libc6 2.31-13+deb11u2
ii libfreetype6 2.10.4+dfsg-1
ii libkpathsea6 2020.20200327.54578-7
ii libx11-6 2:1.7.2-1
ii libxaw7 2:1.0.13-1.1
ii libxi6 2:1.7.10-1
ii libxmu6 2:1.1.2-2+b3
ii libxpm4 1:3.5.12-1
ii libxt6 1:1.2.0-1
ii texlive-binaries 2020.20200327.54578-7
xdvik-ja recommends no packages.
xdvik-ja suggests no packages.
-- no debconf information
