File source-dvips-overflow.patch of Package texlive
| Name: CVE-2007-5935 | Status: Candidate | URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5935 | Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=447081 | Reference: MISC:https://bugzilla.redhat.com/show_bug.cgi?id=368591 | | Stack-based buffer overflow in hpc.c in dvips in teTeX and TeXlive | 2007 and earlier allows user-assisted attackers to execute arbitrary | code via a DVI file with a long href tag. | --- texk/dvipsk/hps.c +++ texk/dvipsk/hps.c 2007-10-19 18:22:47.000000000 +0200 @@ -441,19 +441,32 @@ void stamp_hps P1C(Hps_link *, pl) { - char tmpbuf[200] ; + char * tmpbuf; if (pl == NULL) { error("Null pointer, oh no!") ; return ; - } else { - /* print out the proper pdfm with local page info only - * target info will be in the target dictionary */ - (void)sprintf(tmpbuf, - " (%s) [[%.0f %.0f %.0f %.0f] [%i %i %i [%i %i]] [%.0f %.0f %.0f]] pdfm ", pl->title, pl->rect.llx, pl->rect.lly, pl->rect.urx, pl->rect.ury, - pl->border[0], pl->border[1], pl->border[2], pl->border[3],pl->border[4], - pl->color[0], pl->color[1], pl->color[2]) ; - cmdout(tmpbuf) ; - } + } + if(pl->title == NULL) { + error("Null pointer, oh no!") ; + return ; + } + + tmpbuf = (char *) malloc(strlen(pl->title)+200); + if(tmpbuf == NULL) { + error("out of memory, oh no!") ; + return ; + } + + /* print out the proper pdfm with local page info only + * target info will be in the target dictionary */ + (void)sprintf(tmpbuf, + " (%s) [[%.0f %.0f %.0f %.0f] [%i %i %i [%i %i]] [%.0f %.0f %.0f]] pdfm ", + pl->title, pl->rect.llx, pl->rect.lly, pl->rect.urx, pl->rect.ury, + pl->border[0], pl->border[1], pl->border[2], pl->border[3],pl->border[4], + pl->color[0], pl->color[1], pl->color[2]) ; + cmdout(tmpbuf) ; + free(tmpbuf); + } 
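Review bot: The `sprintf` into `tmpbuf` in stamp_hps is still unbounded, because the buffer is sized as `strlen(pl->title)+200` and that 200-byte allowance must also hold seven `%.0f` and five `%i` conversions, where a single `%.0f` of a large value can print dozens of digits (hundreds if the field is a double). Whether the rect and color fields can reach such magnitudes is not visible in this hunk, but if they can, the overflow moves from the stack to the heap instead of being removed. Keeping the size in a variable, `size_t len = strlen(pl->title) + 200;`, and formatting with `snprintf(tmpbuf, len, ...)` while treating a return value `>= len` as an error would bound the write whatever the numeric fields contain. The same applies to the `malloc(strlen(s) + 200)` and `sprintf` pair in the stamp_external hunk.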
@@ -462,18 +475,31 @@ */ void stamp_external P2C(char *, s, Hps_link *, pl) { - char tmpbuf[200]; + char *tmpbuf; if (pl == NULL) { error("Null pointer, oh no!") ; return ; - } else { - /* print out the proper pdfm with local page info only - * target info will be in the target dictionary */ - (void)sprintf(tmpbuf," [[%.0f %.0f %.0f %.0f] [%i %i %i [%i %i]] [%.0f %.0f %.0f]] (%s) pdfm ", pl->rect.llx, pl->rect.lly, pl->rect.urx, pl->rect.ury, - pl->border[0], pl->border[1], pl->border[2], pl->border[3],pl->border[4], - pl->color[0], pl->color[1], pl->color[2], s) ; - cmdout(tmpbuf) ; - } + } + + if (s == NULL) { + error("Null pointer, oh no!") ; + return ; + } + + tmpbuf = (char *) malloc(strlen(s) + 200); + if(tmpbuf == NULL) { + error("out of memory, oh no!") ; + return ; + } + + /* print out the proper pdfm with local page info only + * target info will be in the target dictionary */ + (void)sprintf(tmpbuf," [[%.0f %.0f %.0f %.0f] [%i %i %i [%i %i]] [%.0f %.0f %.0f]] (%s) pdfm ", + pl->rect.llx, pl->rect.lly, pl->rect.urx, pl->rect.ury, + pl->border[0], pl->border[1], pl->border[2], pl->border[3],pl->border[4], + pl->color[0], pl->color[1], pl->color[2], s) ; + cmdout(tmpbuf) ; + free(tmpbuf); } void finish_hps P1H(void) {