Репозитории ALT
S: | 10.01.1-alt1 |
5.1: | 9.01-alt0.M50P.1 |
4.1: | 8.63-alt0.M41.4 |
4.0: | 8.15.4-alt1.M40.4 |
+updates: | 8.15.4-alt1.M40.4 |
3.0: | 7.07.1-alt7 |
Группа :: Издательство
Пакет: ghostscript
Главная Изменения Спек Патчи Sources Загрузить Gear Bugs and FR Repocop
Патч: ghostscript-8.5.14-CVE-2009-0196.patch
Скачать
Скачать
diff -up espgs-8.15.2/jbig2dec/jbig2_symbol_dict.c.CVE-2009-0196 espgs-8.15.2/jbig2dec/jbig2_symbol_dict.c
--- espgs-8.15.2/jbig2dec/jbig2_symbol_dict.c.CVE-2009-0196 2005-08-11 20:57:14.000000000 +0100
+++ espgs-8.15.2/jbig2dec/jbig2_symbol_dict.c 2009-04-02 13:11:46.000000000 +0100
@@ -474,6 +474,15 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx,
exrunlength = params->SDNUMEXSYMS;
else
code = jbig2_arith_int_decode(IAEX, as, &exrunlength);
+ if (exrunlength > params->SDNUMEXSYMS - j) {
+ jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number,
+ "runlength too large in export symbol table (%d > %d - %d)\n",
+ exrunlength, params->SDNUMEXSYMS, j);
+ jbig2_sd_release(ctx, SDEXSYMS);
+ /* skip to the cleanup code and return SDEXSYMS = NULL */
+ SDEXSYMS = NULL;
+ break;
+ }
for(k = 0; k < exrunlength; k++)
if (exflag) {
SDEXSYMS->glyphs[j++] = (i < m) ?