transfig/0016-CVE-2020-21531.patch

From d50ae523fcee5c2d4357bbd8ce5baeeb18d15a2c Mon Sep 17 00:00:00 2001
From: Ondrej Dubaj <odubaj@redhat.com>
Date: Tue, 21 Sep 2021 10:42:50 +0200
Subject: [PATCH] Reject out-of-range pattern

---
 fig2dev/object.h      |  2 +-
 fig2dev/tests/read.at | 19 +++++++++++++++++--
 2 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/fig2dev/object.h b/fig2dev/object.h
index 8464010..6830b13 100644
--- a/fig2dev/object.h
+++ b/fig2dev/object.h
@@ -61,7 +61,7 @@ typedef struct f_comment {
 	o->style < SOLID_LINE || o->style > DASH_3_DOTS_LINE ||		\
 	o->thickness < 0 || o->depth < 0 || o->depth > 999 || 		\
 	o->fill_style < UNFILLED ||					\
-	o->fill_style > NUMSHADES + NUMTINTS + NUMPATTERNS ||		\
+	o->fill_style >= NUMSHADES + NUMTINTS + NUMPATTERNS ||		\
 	o->style_val < 0.0
 
 typedef struct f_ellipse {
diff --git a/fig2dev/tests/read.at b/fig2dev/tests/read.at
index d85356b..7765805 100644
--- a/fig2dev/tests/read.at
+++ b/fig2dev/tests/read.at
@@ -421,15 +421,30 @@ AT_CLEANUP
 
 AT_SETUP([reject ASCII NUL ('\0') in input, ticket #80])
 AT_KEYWORDS([read.c svg])
-AT_CHECK([fig2dev -L svg $srcdir/data/text_w_ascii0.fig], 1, ignore, ignore)
+AT_CHECK([fig2dev -L svg $srcdir/data/text_w_ascii0.fig],
+1, ignore, [ASCII NUL ('\0') in line 11.
+])
 AT_CLEANUP
 
 AT_SETUP([reject out of range text angle, ticket #76])
+AT_KEYWORDS([read.c pstricks])
 AT_CHECK([fig2dev -L pstricks <<EOF
 FIG_FILE_TOP
 4 0 0 50 -1 -1 12 9e26 0 150 405 0 0 Very slanted text\001
 EOF
-], 1, ignore, ignore)
+], 1, ignore, [Invalid text object at line 10.
+])
+AT_CLEANUP
+
+AT_SETUP([reject out-of-range pattern fills, ticket #63])
+AT_KEYWORDS([read.c cgm])
+AT_CHECK([fig2dev -L cgm <<EOF
+FIG_FILE_TOP
+2 3 0 0 0 7 50 -1 63 0.000 0 0 -1 0 0 4
+	 0 0 1200 0 600 800 0 0
+EOF
+], 1, ignore, [Invalid line object at line 10.
+])
 AT_CLEANUP
 
 AT_SETUP([allow tex font -1, ticket #81])
-- 
2.31.1