- CVE-2010-2642, CVE-2011-0433 and CVE-2011-5244
- CVE-2010-2642:
- ==============
- Upstream-Bug: https://bugzilla.gnome.org/show_bug.cgi?id=643882
- Upstream-Fix: https://git.gnome.org/browse/evince/commit/?id=efadec4ffcdde3373f6f4ca0eaac98dc963c4fd5
- CVE-2011-0433:
- ==============
- Upstream-Bug: https://bugzilla.gnome.org/show_bug.cgi?id=640923
- Upstream-Fix: https://git.gnome.org/browse/evince/commit/?id=439c5070022eab6cef7266aab47f978058012c72
- CVE-2011-5244:
- ==============
- Upstream-Bug: https://bugzilla.gnome.org/show_bug.cgi?id=643882
- Upstream-Fix: https://git.gnome.org/browse/evince/commit/?id=efadec4ffcdde3373f6f4ca0eaac98dc963c4fd5
- Origin: https://bugs.debian.org/652996
- diff --git a/lib/t1lib/parseAFM.c b/lib/t1lib/parseAFM.c
- index 6a31d7f..ba64541 100644
- --- a/lib/t1lib/parseAFM.c
- +++ b/lib/t1lib/parseAFM.c
- @@ -199,7 +199,9 @@ static char *token(stream)
- idx = 0;
-
- while (ch != EOF && ch != ' ' && ch != CR && ch != LF &&
- - ch != CTRL_Z && ch != '\t' && ch != ':' && ch != ';'){
- + ch != CTRL_Z && ch != '\t' && ch != ':' && ch != ';'
- + && idx < (MAX_NAME -1))
- + {
- ident[idx++] = ch;
- ch = fgetc(stream);
- } /* while */
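Review bot: When the new `idx < (MAX_NAME -1)` bound ends the loop in token(), the over-long token is truncated silently: the unread remainder stays in the stream, and the character already held in `ch` is handled by code after the loop that lies outside this hunk, so the tail would presumably come back as a separate token on the next call. The bounded loop in linetoken() has the same property. Consider consuming the rest of the input up to the next delimiter once the limit is hit, or reporting a parse error, so a malformed AFM file is rejected rather than re-tokenised; at minimum, document the behaviour with a comment such as `/* stop one short of MAX_NAME so the terminating NUL fits; longer tokens are truncated */`. This assumes ident is MAX_NAME bytes, which neither hunk shows.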
- @@ -235,7 +237,7 @@ static char *linetoken(stream)
- while ((ch = fgetc(stream)) == ' ' || ch == '\t' );
-
- idx = 0;
- - while (ch != EOF && ch != CR && ch != LF && ch != CTRL_Z)
- + while (ch != EOF && ch != CR && ch != LF && ch != CTRL_Z && idx < (MAX_NAME - 1))
- {
- ident[idx++] = ch;
- ch = fgetc(stream);