[pkg-kde-commits] rev 2666 - in trunk/packages/koffice/debian: .
patches
Isaac Clerencia
isaac at costa.debian.org
Mon Dec 19 15:12:49 UTC 2005
Author: isaac
Date: 2005-12-19 15:12:31 +0000 (Mon, 19 Dec 2005)
New Revision: 2666
Added:
trunk/packages/koffice/debian/patches/01_koffice_branch_r489703.diff
Modified:
trunk/packages/koffice/debian/changelog
Log:
Yet another branch pull to fix security thing
Modified: trunk/packages/koffice/debian/changelog
===================================================================
--- trunk/packages/koffice/debian/changelog 2005-12-19 00:22:49 UTC (rev 2665)
+++ trunk/packages/koffice/debian/changelog 2005-12-19 15:12:31 UTC (rev 2666)
@@ -1,3 +1,9 @@
+koffice (1:1.4.2-6) unstable; urgency=low
+
+ * Yet another branch pull to fix #342294.
+
+ -- Isaac Clerencia <isaac at debian.org> Mon, 19 Dec 2005 16:10:27 +0100
+
koffice (1:1.4.2-5) unstable; urgency=low
* koffice branch pull, adding missing bit to completely fix #342294.
Added: trunk/packages/koffice/debian/patches/01_koffice_branch_r489703.diff
===================================================================
--- trunk/packages/koffice/debian/patches/01_koffice_branch_r489703.diff 2005-12-19 00:22:49 UTC (rev 2665)
+++ trunk/packages/koffice/debian/patches/01_koffice_branch_r489703.diff 2005-12-19 15:12:31 UTC (rev 2666)
@@ -0,0 +1,87 @@
+#DPATCHLEVEL=0
+--- filters/kword/pdf/xpdf/xpdf/JBIG2Stream.cc (revision 488386)
++++ filters/kword/pdf/xpdf/xpdf/JBIG2Stream.cc (revision 489703)
+@@ -979,13 +979,14 @@
+ h = hA;
+ line = (wA + 7) >> 3;
+
+- if (h < 0 || line <= 0 || h >= INT_MAX / line) {
++ if (h < 0 || line <= 0 || h >= (INT_MAX - 1)/ line) {
+ error(-1, "invalid width/height");
+ data = NULL;
+ return;
+ }
+
+- data = (Guchar *)gmalloc(h * line);
++ // need to allocate one extra guard byte for use in combine()
++ data = (Guchar *)gmalloc(h * line + 1);
+ }
+
+ JBIG2Bitmap::JBIG2Bitmap(Guint segNumA, JBIG2Bitmap *bitmap):
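Review bot: The guard byte added by `gmalloc(h * line + 1)` is allocated but never written in the visible lines, so any read of `data[h * line]` sees indeterminate memory. Setting it right after the allocation, `data[h * line] = 0;`, makes the guard deterministic. The same gap shows in the copy constructor, where `memcpy` copies only `h * line` bytes, and in expand(), where the `memset` fills `(newH - h) * line` bytes and leaves `data[newH * line]` untouched. combine() is not part of this patch, so how it reads the byte is inferred from the comment; the constructor body starts above the hunk.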
+@@ -995,13 +996,14 @@
+ h = bitmap->h;
+ line = bitmap->line;
+
+- if (h < 0 || line <= 0 || h >= INT_MAX / line) {
++ if (h < 0 || line <= 0 || h >= (INT_MAX - 1) / line) {
+ error(-1, "invalid width/height");
+ data = NULL;
+ return;
+ }
+
+- data = (Guchar *)gmalloc(h * line);
++ // need to allocate one extra guard byte for use in combine()
++ data = (Guchar *)gmalloc(h * line + 1);
+ memcpy(data, bitmap->data, h * line);
+ }
+
+@@ -1027,13 +1029,14 @@
+ }
+
+ void JBIG2Bitmap::expand(int newH, Guint pixel) {
+- if (newH <= h || line <= 0 || newH >= INT_MAX / line) {
++ if (newH <= h || line <= 0 || newH >= (INT_MAX-1) / line) {
+ error(-1, "invalid width/height");
+ gfree(data);
+ data = NULL;
+ return;
+ }
+- data = (Guchar *)grealloc(data, newH * line);
++ /* need to allocate one extra guard byte for use in combine() */
++ data = (Guchar *)grealloc(data, newH * line + 1);
+ if (pixel) {
+ memset(data + h * line, 0xff, (newH - h) * line);
+ } else {
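Review bot: The error branch of expand() frees `data` and sets it to NULL but leaves `h` and `line` as they were, so the object still reports a non-empty size with no buffer behind it. Code that trusts those fields, such as the copy constructor's `memcpy(data, bitmap->data, h * line)` in the previous hunk, would then read through a null pointer. Consider resetting the size with `h = 0;` next to `data = NULL;`, or at least documenting it with `// on failure data is NULL; callers must check before use`. The branch also fires for `newH <= h`, which discards a valid bitmap for what may be a harmless request; whether callers rely on that is not visible here, and expand() continues past the end of the hunk.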
+@@ -2257,6 +2260,11 @@
+
+ strips = 1 << logStrips;
+
++ if (w < 0 || h <= 0 || w >= INT_MAX / h) {
++ error(-1, "invalid width/height");
++ return NULL;
++ }
++
+ // allocate the bitmap
+ bitmap = new JBIG2Bitmap(0, w, h);
+ if (defPixel) {
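Review bot: The new guard still lets through widths that overflow later: with `h == 1` it accepts `w` up to `INT_MAX - 1`, and the bitmap constructor (presumably the three-argument one patched in the first hunk) computes `line = (wA + 7) >> 3`, which is signed overflow for `w > INT_MAX - 7`. Bounding the width first closes that, e.g. `if (w < 0 || h <= 0 || w > INT_MAX - 7 || w >= INT_MAX / h) {`. Since the constructor reports failure only by leaving `data` NULL, a check of the new bitmap before the `defPixel` fill would also help. That code and the function's callers, which now have to handle a NULL return, are outside the hunk.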
+--- filters/kword/pdf/xpdf/xpdf/Stream.cc (revision 488386)
++++ filters/kword/pdf/xpdf/xpdf/Stream.cc (revision 489703)
+@@ -419,7 +419,7 @@
+ return;
+
+ nVals = width * nComps;
+- if (nVals + 7 <= 0)
++ if (nVals * nBits + 7 <= 0)
+ return;
+
+ pixBytes = (nComps * nBits + 7) >> 3;
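Review bot: `nVals * nBits + 7 <= 0` tests for overflow after the multiplications have already happened; signed overflow is undefined, and a wrapped product can just as well come out positive and pass. Rejecting the inputs before multiplying is reliable, placed ahead of `nVals = width * nComps;`: `if (width <= 0 || nComps <= 0 || nBits <= 0 || nComps >= INT_MAX / nBits || width >= INT_MAX / nComps / nBits) return;`. The declarations of `width`, `nComps` and `nBits` are outside the hunk, so this assumes they are plain `int`s. The function continues beyond the hunk on both sides.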
+@@ -1247,8 +1247,7 @@
+ endOfLine = endOfLineA;
+ byteAlign = byteAlignA;
+ columns = columnsA;
+- if (columns < 1 || columns + 2 < 0 || columns + 3 < 0 ||
+- (columns + 2) >= INT_MAX / sizeof(short) || (columns + 3) >= INT_MAX / sizeof(short)) {
++ if (columns < 1 || columns >= INT_MAX / sizeof(short)) {
+ error(-1, "invalid number of columns");
+ exit(1);
+ }
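Review bot: The simplified test `columns >= INT_MAX / sizeof(short)` drops the slack the removed conditions kept for `columns + 2` and `columns + 3`, so a value just under the limit passes while `(columns + 3) * sizeof(short)` exceeds `INT_MAX`. If the allocations that follow size their arrays from `columns + 2` or `columns + 3`, as the old check suggests (they are outside the hunk), keep the margin: `if (columns < 1 || columns > (int)(INT_MAX / sizeof(short)) - 3) {`. That form also keeps the comparison in `int` rather than mixing `int` with `size_t`. Separately, `exit(1)` on a malformed column count terminates the whole application that loaded the filter; returning an error to the caller would contain the failure.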