diff options
Diffstat (limited to 'debian/patches/1042-Do-proper-input-validation-to-fix-for-CVE-2011-2895.patch')
| -rw-r--r-- | debian/patches/1042-Do-proper-input-validation-to-fix-for-CVE-2011-2895.patch | 19 |
1 files changed, 10 insertions, 9 deletions
diff --git a/debian/patches/1042-Do-proper-input-validation-to-fix-for-CVE-2011-2895.patch b/debian/patches/1042-Do-proper-input-validation-to-fix-for-CVE-2011-2895.patch index 04910353c..9ea330101 100644 --- a/debian/patches/1042-Do-proper-input-validation-to-fix-for-CVE-2011-2895.patch +++ b/debian/patches/1042-Do-proper-input-validation-to-fix-for-CVE-2011-2895.patch @@ -1,4 +1,4 @@ -From 6acafc9334828da22446380c81af81bde14b5d86 Mon Sep 17 00:00:00 2001 +From 36368e658a2b83753230af5296978ce27f468d8b Mon Sep 17 00:00:00 2001 From: Joerg Sonnenberger <joerg@britannica.bec.de> Date: Sun, 21 Aug 2011 18:51:53 +0200 Subject: [PATCH 02/02] Do proper input validation to fix for CVE-2011-2895. @@ -9,6 +9,7 @@ validation of the LZW stream and doesn't pessimize the inner loop for no good reason. It's derived from a change in libarchive from 2004. v2: backports to nx-libs 3.6.x (Mihai Moldovan) +v3: fix comment lines starting with "+" + whitespace fixes (Mike Gabriel) Signed-off-by: Matthieu Herrb <matthieu.herrb@laas.fr> Reviewed-by: Tomas Hoger <thoger@redhat.com> --- @@ -16,7 +17,7 @@ Reviewed-by: Tomas Hoger <thoger@redhat.com> 1 file changed, 17 insertions(+), 14 deletions(-) diff --git a/nx-X11/lib/font/fontfile/decompress.c b/nx-X11/lib/font/fontfile/decompress.c -index 553b315..12b9f0a 100644 +index 553b315..c7e649f 100644 --- a/nx-X11/lib/font/fontfile/decompress.c +++ b/nx-X11/lib/font/fontfile/decompress.c @@ -99,7 +99,7 @@ static char_type magic_header[] = { "\037\235" }; /* 1F 9D */ @@ -78,12 +79,12 @@ index 553b315..12b9f0a 100644 code = oldcode; } - -++ /* -++ * The above condition ensures that code < free_ent. -++ * The construction of tab_prefixof in turn guarantees that -++ * each iteration decreases code and therefore stack usage is -++ * bound by 1 << BITS - 256. -++ */ ++ /* ++ * The above condition ensures that code < free_ent. ++ * The construction of tab_prefixof in turn guarantees that ++ * each iteration decreases code and therefore stack usage is ++ * bound by 1 << BITS - 256. ++ */ + /* * Generate output characters in reverse order @@ -100,7 +101,7 @@ index 553b315..12b9f0a 100644 * Generate the new entry. */ - if ( (code=file->free_ent) < file->maxmaxcode ) { -+ if ( (code=file->free_ent) < file->maxmaxcode && oldcode != -1) { ++ if ( (code=file->free_ent) < file->maxmaxcode && oldcode != -1) { file->tab_prefix[code] = (unsigned short)oldcode; file->tab_suffix[code] = finchar; file->free_ent = code+1; |