Author: psz Date: Fri Feb 17 18:34:43 2006 GMT Module: SOURCES Tag: HEAD ---- Log message: - security fix: CVE-2006-0301 - rel 4; STBR
---- Files affected: SOURCES: gpdf-cve-2006-0301.patch (NONE -> 1.1) (NEW) ---- Diffs: ================================================================ Index: SOURCES/gpdf-cve-2006-0301.patch diff -u /dev/null SOURCES/gpdf-cve-2006-0301.patch:1.1 --- /dev/null Fri Feb 17 19:34:43 2006 +++ SOURCES/gpdf-cve-2006-0301.patch Fri Feb 17 19:34:38 2006 @@ -0,0 +1,37 @@ +--- gpdf-2.10.0/splash/Splash.cc.orig 2004-05-17 20:10:49.000000000 +0200 ++++ gpdf-2.10.0/splash/Splash.cc 2006-02-17 19:30:17.000000000 +0100 +@@ -734,6 +734,10 @@ + SplashMono1P *mono1; + SplashBGR8P *bgr8; + ++ if ( (unsigned) x >= (unsigned) bitmap->getWidth() || ++ (unsigned) y >= (unsigned) bitmap->getHeight()) ++ return; ++ + if (noClip || state->clip->test(x, y)) { + color = pattern->getColor(x, y); + switch (bitmap->mode) { +@@ -773,6 +777,11 @@ + + n = x1 - x0 + 1; + ++ if ((unsigned) x0 >= (unsigned) bitmap->getWidth() || ++ (unsigned) x1 >= (unsigned) bitmap->getWidth() || ++ (unsigned) y >= (unsigned) bitmap->getHeight()) ++ return; ++ + switch (bitmap->mode) { + case splashModeMono1: + mono1 = &bitmap->data.mono8[y * bitmap->rowSize + (x0 >> 3)]; +@@ -858,6 +867,11 @@ + + n = x1 - x0 + 1; + ++ if ((unsigned) x0 >= (unsigned) bitmap->getWidth() || ++ (unsigned) x1 >= (unsigned) bitmap->getWidth() || ++ (unsigned) y >= (unsigned) bitmap->getHeight()) ++ return; ++ + switch (bitmap->mode) { + case splashModeMono1: + mono1 = &bitmap->data.mono8[y * bitmap->rowSize + (x0 >> 3)]; ================================================================ _______________________________________________ pld-cvs-commit mailing list pld-cvs-commit@lists.pld-linux.org http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit