source: projects/specs/trunk/t/texlive/texlive-2009-CVE-2010-0827.patch @ 1973

Revision 1973, 822 bytes checked in by munepi, 14 years ago (diff)

texlive: rebuilt zlib-1.2.5; applied security patches and some patches for libpoppler-0.12

[1973]1---
2 texk/dvipsk/virtualfont.c |    6 +++++-
3 1 file changed, 5 insertions(+), 1 deletion(-)
4
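--- a/texk/dvipsk/virtualfont.c
+++ b/texk/dvipsk/virtualfont.c
@@ -36,7 +36,7 @@
  *   Subroutine vfbyte returns the next byte.
  */
 static FILE *vffile ;
-static char name[50] ;
+static char name[500] ;
 void
 badvf(char *s)
 {
@@ -93,6 +93,10 @@
    if (*d==0)
       d = vfpath ;
 #endif
+   if (strlen(n) + 5 >= sizeof (name)) {
+     /* 5 for vf() + null */
+     error("! VF file name too long in vfopen") ;
+   }
 #ifdef MVSXA   /* IBM: MVS/XA */
    (void)sprintf(name, "vf(%s)", n) ;
 #else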
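Review bot: The length guard added before `(void)sprintf(name, "vf(%s)", n) ;` protects `name` only if `error()` does not return for this message. Nothing in the hunk shows that, so the assumption should be recorded next to the check, e.g. `/* relies on error() being fatal for messages starting with '!' */` (that appears to be the dvips convention, but please confirm). The write is still an unbounded `sprintf`, and the constant 5 is derived from the `vf()` format alone; the `#else` branch is cut off at the end of the hunk, so it cannot be checked here whether its format fits the same margin. A bounded call such as `if (snprintf(name, sizeof name, "vf(%s)", n) >= (int)sizeof name) error("! VF file name too long in vfopen") ;` would tie the limit to the format actually used in each branch. The enclosing function starts and ends outside the hunk.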