1
0
mirror of https://git.FreeBSD.org/ports.git synced 2024-12-25 04:43:33 +00:00

- Add libxpdf security patches

- Add SHA256 checksums

PR:		ports/90067
Submitted by:	mnag
Security:	CVE-2005-3191, CVE-2005-3192, CVE-2005-3193
This commit is contained in:
Hiroki Sato 2005-12-07 15:00:04 +00:00
parent bc6045c0fb
commit f52abe7582
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=150597
3 changed files with 122 additions and 1 deletions

View File

@ -7,7 +7,7 @@
PORTNAME= teTeX-base
PORTVERSION= 3.0
PORTREVISION= 5
PORTREVISION= 6
CATEGORIES= print
MASTER_SITES= ${MASTER_SITE_TEX_CTAN} \
ftp://ftp.ascii.co.jp/pub/TeX/ascii-ptex/dvips/:1

View File

@ -1,2 +1,3 @@
MD5 (teTeX/tetex-src-3.0.tar.gz) = 944a4641e79e61043fdaf8f38ecbb4b3
SHA256 (teTeX/tetex-src-3.0.tar.gz) = 9c0f7eaeb5ba6dc6f66433404d264941bf95cded2fa798b1f7a9dd580c21649b
SIZE (teTeX/tetex-src-3.0.tar.gz) = 12749314

View File

@ -0,0 +1,120 @@
--- libs/xpdf/xpdf/JPXStream.cc.orig Mon May 17 15:11:49 2004
+++ libs/xpdf/xpdf/JPXStream.cc Tue Dec 6 18:07:18 2005
@@ -666,7 +666,7 @@
int segType;
GBool haveSIZ, haveCOD, haveQCD, haveSOT;
Guint precinctSize, style;
- Guint segLen, capabilities, comp, i, j, r;
+ Guint segLen, capabilities, nTiles, comp, i, j, r;
//----- main header
haveSIZ = haveCOD = haveQCD = haveSOT = gFalse;
@@ -701,8 +701,13 @@
/ img.xTileSize;
img.nYTiles = (img.ySize - img.yTileOffset + img.yTileSize - 1)
/ img.yTileSize;
- img.tiles = (JPXTile *)gmalloc(img.nXTiles * img.nYTiles *
- sizeof(JPXTile));
+ nTiles = img.nXTiles * img.nYTiles;
+ // check for overflow before allocating memory
+ if (nTiles == 0 || nTiles / img.nXTiles != img.nYTiles) {
+ error(getPos(), "Bad tile count in JPX SIZ marker segment");
+ return gFalse;
+ }
+ img.tiles = (JPXTile *)gmalloc(nTiles * sizeof(JPXTile));
for (i = 0; i < img.nXTiles * img.nYTiles; ++i) {
img.tiles[i].tileComps = (JPXTileComp *)gmalloc(img.nComps *
sizeof(JPXTileComp));
--- libs/xpdf/xpdf/Stream.cc.orig Mon May 17 16:37:57 2004
+++ libs/xpdf/xpdf/Stream.cc Tue Dec 6 18:05:14 2005
@@ -407,18 +407,33 @@
StreamPredictor::StreamPredictor(Stream *strA, int predictorA,
int widthA, int nCompsA, int nBitsA) {
+ int totalBits;
+
str = strA;
predictor = predictorA;
width = widthA;
nComps = nCompsA;
nBits = nBitsA;
+ predLine = NULL;
+ ok = gFalse;
nVals = width * nComps;
+ totalBits = nVals * nBits;
+ if (totalBits == 0 ||
+ (totalBits / nBits) / nComps != width ||
+ totalBits + 7 < 0) {
+ return;
+ }
pixBytes = (nComps * nBits + 7) >> 3;
- rowBytes = ((nVals * nBits + 7) >> 3) + pixBytes;
+ rowBytes = ((totalBits + 7) >> 3) + pixBytes;
+ if (rowBytes < 0) {
+ return;
+ }
predLine = (Guchar *)gmalloc(rowBytes);
memset(predLine, 0, rowBytes);
predIdx = rowBytes;
+
+ ok = gTrue;
}
StreamPredictor::~StreamPredictor() {
@@ -1012,6 +1027,10 @@
FilterStream(strA) {
if (predictor != 1) {
pred = new StreamPredictor(this, predictor, columns, colors, bits);
+ if (!pred->isOk()) {
+ delete pred;
+ pred = NULL;
+ }
} else {
pred = NULL;
}
@@ -2897,6 +2916,14 @@
height = read16();
width = read16();
numComps = str->getChar();
+ if (numComps <= 0 || numComps > 4) {
+ error(getPos(), "Bad number of components in DCT stream", prec);
+ return gFalse;
+ }
+ if (numComps <= 0 || numComps > 4) {
+ error(getPos(), "Bad number of components in DCT stream", prec);
+ return gFalse;
+ }
if (prec != 8) {
error(getPos(), "Bad DCT precision %d", prec);
return gFalse;
@@ -3255,6 +3282,10 @@
FilterStream(strA) {
if (predictor != 1) {
pred = new StreamPredictor(this, predictor, columns, colors, bits);
+ if (!pred->isOk()) {
+ delete pred;
+ pred = NULL;
+ }
} else {
pred = NULL;
}
--- libs/xpdf/xpdf/Stream.h.orig Mon May 17 16:37:57 2004
+++ libs/xpdf/xpdf/Stream.h Tue Dec 6 18:05:14 2005
@@ -233,6 +233,8 @@
~StreamPredictor();
+ GBool isOk() { return ok; }
+
int lookChar();
int getChar();
@@ -250,6 +252,7 @@
int rowBytes; // bytes per line
Guchar *predLine; // line buffer
int predIdx; // current index in predLine
+ GBool ok;
};
//------------------------------------------------------------------------