Author: arekm Date: Fri Jan 18 07:28:56 2008 GMT Module: SOURCES Tag: HEAD ---- Log message: - fix for CVE-2008-0006
---- Files affected: SOURCES: xorg-libXfont-1.3.1-pcf-parser.diff (NONE -> 1.1) (NEW) ---- Diffs: ================================================================ Index: SOURCES/xorg-libXfont-1.3.1-pcf-parser.diff diff -u /dev/null SOURCES/xorg-libXfont-1.3.1-pcf-parser.diff:1.1 --- /dev/null Fri Jan 18 08:28:56 2008 +++ SOURCES/xorg-libXfont-1.3.1-pcf-parser.diff Fri Jan 18 08:28:51 2008 @@ -0,0 +1,24 @@ +diff --git a/src/bitmap/pcfread.c b/src/bitmap/pcfread.c +index fd41849..c5db255 100644 +--- a/src/bitmap/pcfread.c ++++ b/src/bitmap/pcfread.c +@@ -588,6 +588,9 @@ pcfReadFont(FontPtr pFont, FontFilePtr file, + pFont->info.lastRow = pcfGetINT16(file, format); + pFont->info.defaultCh = pcfGetINT16(file, format); + if (IS_EOF(file)) goto Bail; ++ if (pFont->info.firstCol > pFont->info.lastCol || ++ pFont->info.firstRow > pFont->info.lastRow || ++ pFont->info.lastCol-pFont->info.firstCol > 255) goto Bail; + + nencoding = (pFont->info.lastCol - pFont->info.firstCol + 1) * + (pFont->info.lastRow - pFont->info.firstRow + 1); +@@ -726,6 +729,9 @@ pcfReadFontInfo(FontInfoPtr pFontInfo, FontFilePtr file) + pFontInfo->lastRow = pcfGetINT16(file, format); + pFontInfo->defaultCh = pcfGetINT16(file, format); + if (IS_EOF(file)) goto Bail; ++ if (pFontInfo->firstCol > pFontInfo->lastCol || ++ pFontInfo->firstRow > pFontInfo->lastRow || ++ pFontInfo->lastCol-pFontInfo->firstCol > 255) goto Bail; + + nencoding = (pFontInfo->lastCol - pFontInfo->firstCol + 1) * + (pFontInfo->lastRow - pFontInfo->firstRow + 1); ================================================================ _______________________________________________ pld-cvs-commit mailing list [email protected] http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit
