summaryrefslogtreecommitdiff
path: root/dev-tex/tex4ht/files/tex4ht-invalid-read.patch
diff options
context:
space:
mode:
Diffstat (limited to 'dev-tex/tex4ht/files/tex4ht-invalid-read.patch')
-rw-r--r--dev-tex/tex4ht/files/tex4ht-invalid-read.patch35
1 files changed, 35 insertions, 0 deletions
diff --git a/dev-tex/tex4ht/files/tex4ht-invalid-read.patch b/dev-tex/tex4ht/files/tex4ht-invalid-read.patch
new file mode 100644
index 000000000000..0b784f338d2c
--- /dev/null
+++ b/dev-tex/tex4ht/files/tex4ht-invalid-read.patch
@@ -0,0 +1,35 @@
+Avoid invalid read and uninitialized comparisons
+https://bugs.gentoo.org/915782
+https://puszcza.gnu.org.ua/bugs/?611
+
+This backports the following upstream commits:
+
+r1387
+Author: karl
+Date: Thu Oct 12 16:10:29 2023 UTC
+avoid negative index into font_tbl
+
+r1391
+Author: karl
+Date: Fri Oct 13 22:34:24 2023 UTC
+zero htf_4hf array to avoid uninitialized reads
+
+--- tex4ht-1.0.2009_06_11_1038/src/tex4ht.c
++++ tex4ht-1.0.2009_06_11_1038/src/tex4ht.c
+@@ -7039,6 +7039,7 @@
+
+ max_htf_4hf_n = 256;
+ htf_4hf = m_alloc(struct htf_4hf_rec, 256);
++memset (htf_4hf, 0, 256 * sizeof (struct htf_4hf_rec));
+
+
+
+@@ -8738,7 +8739,7 @@
+
+
+ if( span_on && !in_span_ch && !ignore_chs && !in_accenting
+- && (default_font != font_tbl[cur_fnt].num) ){
++ && cur_fnt >= 0 && (default_font != font_tbl[cur_fnt].num) ){
+ if( (ch < 137) && (ch !=
+ 132
+ ) ){
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-15 19:25:32 +0000