1206db636e
Add patch fixing CVE-2017-16899 (rhbz#1515695)
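diff -up fig2dev-3.2.6a/fig2dev/read.c.orig fig2dev-3.2.6a/fig2dev/read.c
--- fig2dev-3.2.6a/fig2dev/read.c.orig 2017-01-07 23:01:19.000000000 +0100
+++ fig2dev-3.2.6a/fig2dev/read.c 2017-11-21 15:17:31.195643198 +0100
@@ -1329,8 +1329,14 @@ read_textobject(FILE *fp)
 | PSFONT_TEXT;
 
 /* keep the font number reasonable */
- if (t->font > MAXFONT(t))
+ if (t->font > MAXFONT(t)) {
 t->font = MAXFONT(t);
+ } else if (t->font < 0 ) {
+ if (psfont_text(t) && t->font < -1)
+ t->font = -1;
+ else
+ t->font = 0;
+ }
 fix_and_note_color(&t->color);
 t->comments = attach_comments(); /* attach any comments */
 return t;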
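Review bot: In the `else if (t->font < 0 )` branch, a PostScript text whose font is exactly -1 fails the inner test `psfont_text(t) && t->font < -1` and falls through to the `else`, so it is rewritten to 0. Clamping values below -1 to -1 suggests that -1 is meant to remain valid for PostScript text (presumably the default font), in which case the inner test should be just `if (psfont_text(t))`. If instead -1 must never reach the output drivers, the `t->font = -1;` arm is the one to drop; either way, a comment stating which negative values are legal would make the intended range checkable. The identical block added to read1_3.c behaves the same way, and read_textobject's body starts before this hunk.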
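diff -up fig2dev-3.2.6a/fig2dev/read1_3.c.orig fig2dev-3.2.6a/fig2dev/read1_3.c
--- fig2dev-3.2.6a/fig2dev/read1_3.c.orig 2016-08-19 21:34:38.000000000 +0200
+++ fig2dev-3.2.6a/fig2dev/read1_3.c 2017-11-21 15:17:31.196643206 +0100
@@ -470,6 +470,15 @@ read_textobject(FILE *fp)
 free((char*) t);
 return(NULL);
 }
+ /* keep the font number within valid range */
+ if (t->font > MAXFONT(t)) {
+ t->font = MAXFONT(t);
+ } else if (t->font < 0 ) {
+ if (psfont_text(t) && t->font < -1)
+ t->font = -1;
+ else
+ t->font = 0;
+ }
 (void)strcpy(t->cstring, buf);
 if (t->size == 0) t->size = 18;
 return(t);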
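Review bot: The range check added before `(void)strcpy(t->cstring, buf);` is a copy of the one in read.c, with only the comment wording differing, so a later correction to one reader can miss the other. Moving it into one small helper or macro next to `MAXFONT` (for example `clamp_text_font(t)`, a name suggested here rather than taken from the source) would keep both parsers on the same bounds. It is also worth confirming that whatever `MAXFONT(t)` and `psfont_text(t)` read from `t` is already set at this point in the 1.3-format reader, since the hunk does not show it. read_textobject starts above the hunk.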