rpm/xfig
SHA256
1
0
Fork 0
forked from pool/xfig
Code Pull Requests Activity

.

Browse Source 
OBS-URL: https://build.opensuse.org/package/show/graphics/xfig?expand=0&rev=27
This commit is contained in:
Dr. Werner Fink 2012-09-28 14:13:53 +00:00 committed by Git OBS Bridge
parent ab219aa9de
commit 9a3bb985fd
3 changed files with 58 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
xfig.3.2.5b-bnc777469.diff Normal file
View File

@ -0,0 +1,51 @@
--- xfig.3.2.5b/f_readold.c
+++ xfig.3.2.5b/f_readold.c 2009-12-04 10:20:36.000000000 +0000
@@ -471,7 +471,7 @@ read_1_3_textobject(FILE *fp)
F_text *t;
int n;
int dum;
- char buf[128];
+ char buf[512];
PR_SIZE tx_dim;
if ((t = create_text()) == NULL)
@@ -485,22 +485,34 @@ read_1_3_textobject(FILE *fp)
t->pen_style = -1;
t->angle = 0.0;
t->next = NULL;
+ if (!fgets(buf, sizeof(buf), fp)) {
+ file_msg("Incomplete text data");
+ free((char *) t);
+ return (NULL);
+ }
+
+ /* Note using strlen(buf) here will waste a few bytes, as the
+ various text attributes are counted into this length too. */
+ if ((t->cstring = new_string(strlen(buf))) == NULL)
+ return (NULL);
+
/* ascent and length will be recalculated later */
- n = fscanf(fp, " %d %d %d %d %d %d %d %[^\n]",
+ n = sscanf(buf, " %d %d %d %d %d %d %d %[^\n]",
&t->font, &dum, &dum, &t->ascent, &t->length,
- &t->base_x, &t->base_y, buf);
+ &t->base_x, &t->base_y, t->cstring);
if (n != 8) {
file_msg("Incomplete text data");
+ free(t->cstring);
free((char *) t);
return (NULL);
}
- if ((t->cstring = new_string(strlen(buf))) == NULL) {
+
+ if (!strlen(t->cstring)) {
+ free(t->cstring);
free((char *) t);
file_msg("Empty text string at line %d.", line_no);
return (NULL);
}
- /* put string in structure */
- strcpy(t->cstring, buf);
/* get the font struct */
t->zoom = zoomscale;

5
xfig.changes
View File

@ -1,3 +1,8 @@
-------------------------------------------------------------------
Fri Sep 28 14:13:06 UTC 2012 - werner@suse.de
- Fix bnc #777469 - CVE-2009-4227: xfig: stack based overflows
-------------------------------------------------------------------
Thu May 31 07:33:50 UTC 2012 - cfarrell@suse.com

2
xfig.spec
View File

@ -63,6 +63,7 @@ Patch8: xfig.3.2.5b-pspdftex.dif
Patch9: xfig.3.2.5b-libpng14.dif
Patch10: xfig.3.2.5b-preview.dif
Patch11: xfig.3.2.5b-bnc657393.dif
Patch12: xfig.3.2.5b-bnc777469.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%{expand: %%global _exec_prefix %(type -p pkg-config &>/dev/null && pkg-config --variable prefix x11 || echo /usr/X11R6)}
%if "%_exec_prefix" == "/usr/X11R6"
@ -111,6 +112,7 @@ find -type f | xargs -r chmod a-x,go-w
%patch9 -p0 -b .libpng14
%patch10 -p0 -b .preview
%patch11 -p0 -b .vsprintf
%patch12 -p1 -b .ovflow
cp %{S:1} .
test ! -e Libraries/Examples/aircraft.fig || { echo forbidden file found 1>&2; exit 1; }