transfig/SOURCES/0014-CVE-2020-21529.patch

From 2397ae3bb903f59a017c8ec9db87164048b86827 Mon Sep 17 00:00:00 2001
From: Ondrej Dubaj <odubaj@redhat.com>
Date: Mon, 20 Sep 2021 08:31:22 +0200
Subject: [PATCH] Keep coordinates of spline controls within sane range

---
 fig2dev/read.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/fig2dev/read.c b/fig2dev/read.c
index 6e47f2d..349a685 100644
--- a/fig2dev/read.c
+++ b/fig2dev/read.c
@@ -1392,6 +1392,15 @@ read_splineobject(FILE *fp, char **restrict line, size_t *line_len,
 		cp->next = NULL;
 		free_splinestorage(s);
 		return NULL;
+	    }
+		if (lx < INT_MIN || lx > INT_MAX || ly < INT_MIN || ly > INT_MAX ||
+		rx < INT_MIN || rx > INT_MAX || ry < INT_MIN || ry > INT_MAX) {
+		    /* do not care to clean up, we exit anyway
+		       cp->next = NULL;
+		       free_splinestorage(s);	*/
+		    put_msg("Spline control points out of range at line %d.",
+				    *line_no);
+		    exit(EXIT_FAILURE);
 	    }
 	    cq->lx = lx; cq->ly = ly;
 	    cq->rx = rx; cq->ry = ry;
-- 
2.31.1