Diffstat (limited to 'media-gfx/xfig/files/xfig-3.2.5b-figparserstack.patch')
-rw-r--r--media-gfx/xfig/files/xfig-3.2.5b-figparserstack.patch61
1 files changed, 0 insertions, 61 deletions
diff --git a/media-gfx/xfig/files/xfig-3.2.5b-figparserstack.patch b/media-gfx/xfig/files/xfig-3.2.5b-figparserstack.patch
deleted file mode 100644
index 7f4668214acc..000000000000
--- a/media-gfx/xfig/files/xfig-3.2.5b-figparserstack.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-#! /bin/sh /usr/share/dpatch/dpatch-run
-## 30_figparserstack.dpatch by Hans de Goede <j.w.r.degoede@hhs.nl>
-##
-## All lines beginning with `## DP:' are a description of the patch.
-## DP: Fix Stack-based buffer overflow by loading malformed .FIG files
-## DP: https://bugzilla.redhat.com/show_bug.cgi?id=543905
-## DP: Closes: #559274
-
-@DPATCH@
-diff -urNad xfig~/f_readold.c xfig/f_readold.c
---- xfig~/f_readold.c
-+++ xfig/f_readold.c
-@@ -471,7 +471,7 @@
- F_text *t;
- int n;
- int dum;
-- char buf[128];
-+ char buf[512];
- PR_SIZE tx_dim;
-
- if ((t = create_text()) == NULL)
-@@ -485,22 +485,34 @@
- t->pen_style = -1;
- t->angle = 0.0;
- t->next = NULL;
-+ if (!fgets(buf, sizeof(buf), fp)) {
-+ file_msg("Incomplete text data");
-+ free((char *) t);
-+ return (NULL);
-+ }
-+
-+ /* Note using strlen(buf) here will waste a few bytes, as the
-+ various text attributes are counted into this length too. */
-+ if ((t->cstring = new_string(strlen(buf))) == NULL)
-+ return (NULL);
-+
- /* ascent and length will be recalculated later */
-- n = fscanf(fp, " %d %d %d %d %d %d %d %[^\n]",
-+ n = sscanf(buf, " %d %d %d %d %d %d %d %[^\n]",
- &t->font, &dum, &dum, &t->ascent, &t->length,
-- &t->base_x, &t->base_y, buf);
-+ &t->base_x, &t->base_y, t->cstring);
- if (n != 8) {
- file_msg("Incomplete text data");
-+ free(t->cstring);
- free((char *) t);
- return (NULL);
- }
-- if ((t->cstring = new_string(strlen(buf))) == NULL) {
-+
-+ if (!strlen(t->cstring)) {
-+ free(t->cstring);
- free((char *) t);
- file_msg("Empty text string at line %d.", line_no);
- return (NULL);
- }
-- /* put string in structure */
-- strcpy(t->cstring, buf);
-
- /* get the font struct */
- t->zoom = zoomscale;