diff options
Diffstat (limited to 'app-text/cuneiform/files/cuneiform-1.1.0-fix_buffer_overflow.patch')
-rw-r--r-- | app-text/cuneiform/files/cuneiform-1.1.0-fix_buffer_overflow.patch | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/app-text/cuneiform/files/cuneiform-1.1.0-fix_buffer_overflow.patch b/app-text/cuneiform/files/cuneiform-1.1.0-fix_buffer_overflow.patch new file mode 100644 index 000000000000..8e9811540cd6 --- /dev/null +++ b/app-text/cuneiform/files/cuneiform-1.1.0-fix_buffer_overflow.patch @@ -0,0 +1,27 @@ +Description: Fix buffer overflow during crash when using user supplied image. +Author: SÅ‚awomir Nizio +Forwarded: no +Last-Update: 2017-04-05 + +--- a/cuneiform_src/Kern/rstr/src/acc_tabs.c ++++ b/cuneiform_src/Kern/rstr/src/acc_tabs.c +@@ -1233,7 +1233,7 @@ if(is_cen_language(language)) + + strcpy(decode_ASCII_to_[(uchar)liga_i ], "_i_"); + strcpy(decode_ASCII_to_[(uchar)liga_exm ], "_!_"); +- strcpy(decode_ASCII_to_[(uchar)liga_inv_exm], "_!!_"); ++ strcpy(decode_ASCII_to_[(uchar)liga_inv_exm], "_!_"); + strcpy(decode_ASCII_to_[(uchar)right_quocket], "\xbb"); + strcpy(decode_ASCII_to_[(uchar)liga_CC ], "\xa9"); + strcpy(decode_ASCII_to_[(uchar)liga_CR ], "\xae"); +--- a/cuneiform_src/Kern/rstr/src/match_wd.c ++++ b/cuneiform_src/Kern/rstr/src/match_wd.c +@@ -484,7 +484,7 @@ + str_raster->w=(int32_t)(right-left); + str_raster->h=(int32_t)(bottom-top); + +- if (str_raster->w > LINE_WIDTH || str_raster->h > LINE_HEIGHT) ++ if ((str_raster->w+7) > LINE_WIDTH || str_raster->h > LINE_HEIGHT) + return FALSE; + + memset(&str_raster->pict,0,(str_raster->w+7)/8*str_raster->h); |