guix/gnu/packages/patches/t1lib-CVE-2010-2642.patch
Efraim Flashner 4f3e02f198
gnu: t1lib: Fix CVE-2010-2642, CVE-2011-{0764, 1552, 1553, 1554}.
* gnu/packages/fontutils.scm (t1lib)[source]: Add patches.
* gnu/packages/patches/t1lib-CVE-2010-2642.patch,
gnu/packages/patches/t1lib-CVE-2011-0764.patch,
gnu/packages/patches/t1lib-CVE-2011-1552+CVE-2011-1553+CVE-2011-1554.patch: New variables.
* gnu/local.mk (dist_patch_DATA): Add them.
2016-05-30 12:09:14 +03:00

24 lines
845 B
Diff

diff --git a/lib/t1lib/parseAFM.c b/lib/t1lib/parseAFM.c
index 6a31d7f..ba64541 100644
--- a/lib/t1lib/parseAFM.c
+++ b/lib/t1lib/parseAFM.c
@@ -199,7 +199,9 @@ static char *token(stream)
idx = 0;
while (ch != EOF && ch != ' ' && ch != CR && ch != LF &&
- ch != CTRL_Z && ch != '\t' && ch != ':' && ch != ';'){
+ ch != CTRL_Z && ch != '\t' && ch != ':' && ch != ';'
+ && idx < (MAX_NAME -1))
+ {
ident[idx++] = ch;
ch = fgetc(stream);
} /* while */
@@ -235,7 +237,7 @@ static char *linetoken(stream)
while ((ch = fgetc(stream)) == ' ' || ch == '\t' );
idx = 0;
- while (ch != EOF && ch != CR && ch != LF && ch != CTRL_Z)
+ while (ch != EOF && ch != CR && ch != LF && ch != CTRL_Z && idx < (MAX_NAME - 1))
{
ident[idx++] = ch;
ch = fgetc(stream);