This commit was manufactured by cvs2svn to create tag 'RELEASE_6_0_0'.release/6.0.0

author: cvs2svn <cvs2svn@FreeBSD.org> 2005-10-16 07:41:55 +0000
committer: cvs2svn <cvs2svn@FreeBSD.org> 2005-10-16 07:41:55 +0000
commit: 40a3261d1a6e2617f6afde0cd6d762a7e211af7a (patch)
tree: d70bbf882801af3a4e58dde3ed6a1da1849479d4 /print/cups-base/files/patch-CAN-2005-2097
parent: Fix the string format vulnerability desribed at (diff)
1 files changed, 12 insertions, 0 deletions
diff --git a/print/cups-base/files/patch-CAN-2005-2097 b/print/cups-base/files/patch-CAN-2005-2097
new file mode 100644
index 000000000000..6de18ba3e35b
--- /dev/null
+++ b/print/cups-base/files/patch-CAN-2005-2097
@@ -0,0 +1,12 @@
+--- pdftops/FontFile.cxx.orig	Tue Feb  3 09:41:09 2004
++++ pdftops/FontFile.cxx	Tue Sep  6 16:16:04 2005
+@@ -3572,6 +3573,9 @@
+     } else {
+       origLocaTable[i].pos = 2 * getUShort(pos + 2*i);
+     }
++
++    if (origLocaTable[i].pos < 0 || origLocaTable[i].pos > len)
++      error(1, 0, "bad loca table pos value");
+   }
+   qsort(origLocaTable, nGlyphs + 1, sizeof(TrueTypeLoca), &cmpTrueTypeLocaPos);
+   for (i = 0; i < nGlyphs; ++i) {
author	cvs2svn <cvs2svn@FreeBSD.org>	2005-10-16 07:41:55 +0000
committer	cvs2svn <cvs2svn@FreeBSD.org>	2005-10-16 07:41:55 +0000
commit	40a3261d1a6e2617f6afde0cd6d762a7e211af7a (patch)
tree	d70bbf882801af3a4e58dde3ed6a1da1849479d4 /print/cups-base/files/patch-CAN-2005-2097
parent	Fix the string format vulnerability desribed at (diff)