transfig/fig2dev-3.2.6a-input-sanitizing.patch

Description: Some input sanitizing when reading FIG files.
Bug-Debian: https://bugs.debian.org/881143
Bug-Debian: https://bugs.debian.org/881144
Author: Thomas Loimer <thomas.loimer@tuwien.ac.at>

--- a/fig2dev/read.c
+++ b/fig2dev/read.c
@@ -1329,8 +1329,14 @@ read_textobject(FILE *fp)
 				| PSFONT_TEXT;
 
 	/* keep the font number reasonable */
-	if (t->font > MAXFONT(t))
+       if (t->font > MAXFONT(t)) {
 		t->font = MAXFONT(t);
+       } else if (t->font < 0 ) {
+               if (psfont_text(t) && t->font < -1)
+                       t->font = -1;
+               else
+                       t->font = 0;
+       }
 	fix_and_note_color(&t->color);
 	t->comments = attach_comments();	/* attach any comments */
 	return t;
--- a/fig2dev/read1_3.c
+++ b/fig2dev/read1_3.c
@@ -470,6 +470,15 @@ read_textobject(FILE *fp)
 	    free((char*) t);
 	    return(NULL);
 	    }
+       /* keep the font number within valid range */
+       if (t->font > MAXFONT(t)) {
+               t->font = MAXFONT(t);
+       } else if (t->font < 0 ) {
+               if (psfont_text(t) && t->font < -1)
+                       t->font = -1;
+               else
+                       t->font = 0;
+       }
 	(void)strcpy(t->cstring, buf);
 	if (t->size == 0) t->size = 18;
 	return(t);