[Pkg-cups-devel] r53 - cupsys/trunk/debian/patches

Kenshi Muto kmuto at costa.debian.org
Tue Dec 13 00:24:25 UTC 2005


Author: kmuto
Date: Tue Dec 13 00:24:24 2005
New Revision: 53

Modified:
   cupsys/trunk/debian/patches/48_security_CAN-2005-3191.dpatch
Log:
recommit 48_security

Modified: cupsys/trunk/debian/patches/48_security_CAN-2005-3191.dpatch
==============================================================================
--- cupsys/trunk/debian/patches/48_security_CAN-2005-3191.dpatch	(original)
+++ cupsys/trunk/debian/patches/48_security_CAN-2005-3191.dpatch	Tue Dec 13 00:24:24 2005
@@ -1,145 +1,134 @@
 #! /bin/sh /usr/share/dpatch/dpatch-run
-## 48_security_CAN-2005-3191.dpatch by Kenshi Muto <kmuto at debian.org>
+## 46_security_CAN-2005-3191.dpatch by Joey Schulze <joey at infodrom.org>
 ##
 ## All lines beginning with `## DP:' are a description of the patch.
-## DP: No description.
+## DP: Fixes buffer overflows, denoted as CAN-2005-3191 and CAN-2005-3192
 
 @DPATCH@
-diff -urNad cupsys-1.1.23~/debian/patches/46_security_CAN-2005-3191.dpatch cupsys-1.1.23/debian/patches/46_security_CAN-2005-3191.dpatch
---- cupsys-1.1.23~/debian/patches/46_security_CAN-2005-3191.dpatch	1970-01-01 09:00:00.000000000 +0900
-+++ cupsys-1.1.23/debian/patches/46_security_CAN-2005-3191.dpatch	2005-12-13 09:12:48.000000000 +0900
-@@ -0,0 +1,134 @@
-+#! /bin/sh /usr/share/dpatch/dpatch-run
-+## 46_security_CAN-2005-3191.dpatch by Joey Schulze <joey at infodrom.org>
-+##
-+## All lines beginning with `## DP:' are a description of the patch.
-+## DP: Fixes buffer overflows, denoted as CAN-2005-3191 and CAN-2005-3192
+--- cupsys-1.1.23/pdftops/Stream.cxx.orig	2004-02-02 23:41:09.000000000 +0100
++++ cupsys-1.1.23/pdftops/Stream.cxx	2005-12-12 10:41:38.000000000 +0100
+@@ -15,6 +15,7 @@
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <stddef.h>
++#include <limits.h>
+ #ifndef WIN32
+ #include <unistd.h>
+ #endif
+@@ -404,18 +405,41 @@ void ImageStream::skipLine() {
+ 
+ StreamPredictor::StreamPredictor(Stream *strA, int predictorA,
+ 				 int widthA, int nCompsA, int nBitsA) {
++  int totalBits;
 +
-+ at DPATCH@
-+--- cupsys-1.1.23/pdftops/Stream.cxx.orig	2004-02-02 23:41:09.000000000 +0100
-++++ cupsys-1.1.23/pdftops/Stream.cxx	2005-12-12 10:41:38.000000000 +0100
-+@@ -15,6 +15,7 @@
-+ #include <stdio.h>
-+ #include <stdlib.h>
-+ #include <stddef.h>
-++#include <limits.h>
-+ #ifndef WIN32
-+ #include <unistd.h>
-+ #endif
-+@@ -404,18 +405,41 @@ void ImageStream::skipLine() {
-+ 
-+ StreamPredictor::StreamPredictor(Stream *strA, int predictorA,
-+ 				 int widthA, int nCompsA, int nBitsA) {
-++  int totalBits;
-++
-+   str = strA;
-+   predictor = predictorA;
-+   width = widthA;
-+   nComps = nCompsA;
-+   nBits = nBitsA;
-++  predLine = NULL;
-++  ok = gFalse;
-+ 
-++  if (width <= 0 || nComps <= 0 || nBits <= 0 ||
-++      nComps >= INT_MAX/nBits ||
-++      width >= INT_MAX/nComps/nBits) {
-++    return;
-++  }
-+   nVals = width * nComps;
-++  if (nVals + 7 <= 0) {
-++    return;
-++  }
-++  totalBits = nVals * nBits;
-++  if (totalBits == 0 ||
-++      (totalBits / nBits) / nComps != width ||
-++      totalBits + 7 < 0) {
-++    return;
-++  }
-+   pixBytes = (nComps * nBits + 7) >> 3;
-+-  rowBytes = ((nVals * nBits + 7) >> 3) + pixBytes;
-++  rowBytes = ((totalBits + 7) >> 3) + pixBytes;
-++  if (rowBytes < 0) {
-++    return;
-++  }
-+   predLine = (Guchar *)gmalloc(rowBytes);
-+   memset(predLine, 0, rowBytes);
-+   predIdx = rowBytes;
-++
-++  ok = gTrue;
-+ }
-+ 
-+ StreamPredictor::~StreamPredictor() {
-+@@ -991,6 +1015,10 @@ LZWStream::LZWStream(Stream *strA, int p
-+     FilterStream(strA) {
-+   if (predictor != 1) {
-+     pred = new StreamPredictor(this, predictor, columns, colors, bits);
-++    if (!pred->isOk()) {
-++      delete pred;
-++      pred = NULL;
-++    }
-+   } else {
-+     pred = NULL;
-+   }
-+@@ -2891,6 +2919,10 @@ GBool DCTStream::readBaselineSOF() {
-+   height = read16();
-+   width = read16();
-+   numComps = str->getChar();
-++  if (numComps <= 0 || numComps > 4) {
-++    error(getPos(), "Bad number of components in DCT stream", prec);
-++    return gFalse;
-++  }
-+   if (prec != 8) {
-+     error(getPos(), "Bad DCT precision %d", prec);
-+     return gFalse;
-+@@ -2917,6 +2949,10 @@ GBool DCTStream::readProgressiveSOF() {
-+   height = read16();
-+   width = read16();
-+   numComps = str->getChar();
-++  if (numComps <= 0 || numComps > 4) {
-++    error(getPos(), "Bad number of components in DCT stream");
-++    return gFalse;
-++  }
-+   if (prec != 8) {
-+     error(getPos(), "Bad DCT precision %d", prec);
-+     return gFalse;
-+@@ -2939,6 +2975,10 @@ GBool DCTStream::readScanInfo() {
-+ 
-+   length = read16() - 2;
-+   scanInfo.numComps = str->getChar();
-++  if (scanInfo.numComps <= 0 || scanInfo.numComps > 4) {
-++    error(getPos(), "Bad number of components in DCT stream");
-++    return gFalse;
-++  }
-+   --length;
-+   if (length != 2 * scanInfo.numComps + 3) {
-+     error(getPos(), "Bad DCT scan info block");
-+@@ -3249,6 +3289,10 @@ FlateStream::FlateStream(Stream *strA, i
-+     FilterStream(strA) {
-+   if (predictor != 1) {
-+     pred = new StreamPredictor(this, predictor, columns, colors, bits);
-++    if (!pred->isOk()) {
-++      delete pred;
-++      pred = NULL;
-++    }
-+   } else {
-+     pred = NULL;
-+   }
-+--- cupsys-1.1.23/pdftops/Stream.h.orig	2004-02-02 23:41:09.000000000 +0100
-++++ cupsys-1.1.23/pdftops/Stream.h	2005-12-12 10:41:38.000000000 +0100
-+@@ -231,6 +231,8 @@ public:
-+ 
-+   ~StreamPredictor();
-+ 
-++  GBool isOk() { return ok; }
-++
-+   int lookChar();
-+   int getChar();
-+ 
-+@@ -248,6 +250,7 @@ private:
-+   int rowBytes;			// bytes per line
-+   Guchar *predLine;		// line buffer
-+   int predIdx;			// current index in predLine
-++  GBool ok;
-+ };
-+ 
-+ //------------------------------------------------------------------------
+   str = strA;
+   predictor = predictorA;
+   width = widthA;
+   nComps = nCompsA;
+   nBits = nBitsA;
++  predLine = NULL;
++  ok = gFalse;
+ 
++  if (width <= 0 || nComps <= 0 || nBits <= 0 ||
++      nComps >= INT_MAX/nBits ||
++      width >= INT_MAX/nComps/nBits) {
++    return;
++  }
+   nVals = width * nComps;
++  if (nVals + 7 <= 0) {
++    return;
++  }
++  totalBits = nVals * nBits;
++  if (totalBits == 0 ||
++      (totalBits / nBits) / nComps != width ||
++      totalBits + 7 < 0) {
++    return;
++  }
+   pixBytes = (nComps * nBits + 7) >> 3;
+-  rowBytes = ((nVals * nBits + 7) >> 3) + pixBytes;
++  rowBytes = ((totalBits + 7) >> 3) + pixBytes;
++  if (rowBytes < 0) {
++    return;
++  }
+   predLine = (Guchar *)gmalloc(rowBytes);
+   memset(predLine, 0, rowBytes);
+   predIdx = rowBytes;
++
++  ok = gTrue;
+ }
+ 
+ StreamPredictor::~StreamPredictor() {
+@@ -991,6 +1015,10 @@ LZWStream::LZWStream(Stream *strA, int p
+     FilterStream(strA) {
+   if (predictor != 1) {
+     pred = new StreamPredictor(this, predictor, columns, colors, bits);
++    if (!pred->isOk()) {
++      delete pred;
++      pred = NULL;
++    }
+   } else {
+     pred = NULL;
+   }
+@@ -2891,6 +2919,10 @@ GBool DCTStream::readBaselineSOF() {
+   height = read16();
+   width = read16();
+   numComps = str->getChar();
++  if (numComps <= 0 || numComps > 4) {
++    error(getPos(), "Bad number of components in DCT stream", prec);
++    return gFalse;
++  }
+   if (prec != 8) {
+     error(getPos(), "Bad DCT precision %d", prec);
+     return gFalse;
+@@ -2917,6 +2949,10 @@ GBool DCTStream::readProgressiveSOF() {
+   height = read16();
+   width = read16();
+   numComps = str->getChar();
++  if (numComps <= 0 || numComps > 4) {
++    error(getPos(), "Bad number of components in DCT stream");
++    return gFalse;
++  }
+   if (prec != 8) {
+     error(getPos(), "Bad DCT precision %d", prec);
+     return gFalse;
+@@ -2939,6 +2975,10 @@ GBool DCTStream::readScanInfo() {
+ 
+   length = read16() - 2;
+   scanInfo.numComps = str->getChar();
++  if (scanInfo.numComps <= 0 || scanInfo.numComps > 4) {
++    error(getPos(), "Bad number of components in DCT stream");
++    return gFalse;
++  }
+   --length;
+   if (length != 2 * scanInfo.numComps + 3) {
+     error(getPos(), "Bad DCT scan info block");
+@@ -3249,6 +3289,10 @@ FlateStream::FlateStream(Stream *strA, i
+     FilterStream(strA) {
+   if (predictor != 1) {
+     pred = new StreamPredictor(this, predictor, columns, colors, bits);
++    if (!pred->isOk()) {
++      delete pred;
++      pred = NULL;
++    }
+   } else {
+     pred = NULL;
+   }
+--- cupsys-1.1.23/pdftops/Stream.h.orig	2004-02-02 23:41:09.000000000 +0100
++++ cupsys-1.1.23/pdftops/Stream.h	2005-12-12 10:41:38.000000000 +0100
+@@ -231,6 +231,8 @@ public:
+ 
+   ~StreamPredictor();
+ 
++  GBool isOk() { return ok; }
++
+   int lookChar();
+   int getChar();
+ 
+@@ -248,6 +250,7 @@ private:
+   int rowBytes;			// bytes per line
+   Guchar *predLine;		// line buffer
+   int predIdx;			// current index in predLine
++  GBool ok;
+ };
+ 
+ //------------------------------------------------------------------------



More information about the Pkg-cups-devel mailing list