Projects
Mega:24.03:SP1:Everything
texlive-base
_service:tar_scm:CVE-2023-46048.patch
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _service:tar_scm:CVE-2023-46048.patch of Package texlive-base
Origin: https://github.com/TeX-Live/texlive-source/commit/33b330bc48ed2df69daf80a81be3cde8bf794816 https://tug.org/pipermail/tex-live/2023-August/049402.html From 33b330bc48ed2df69daf80a81be3cde8bf794816 Mon Sep 17 00:00:00 2001 From: Karl Berry <karl@freefriends.org> Date: Sat, 26 Aug 2023 17:50:10 +0000 Subject: [PATCH] guard against corrupt pfb in dup tests, pdftex r910 git-svn-id: svn://tug.org/texlive/trunk/Build/source@68069 c570f23f-e606-0410-a88d-b1316a301751 --- texlive-20210325-source/texk/web2c/pdftexdir/writet1.c | 15 ++++++++++++--- 1 files changed, 12 insertions(+), 3 deletions(-) diff --git a/texlive-20210325-source/texk/web2c/pdftexdir/writet1.c b/texlive-20210325-source/texk/web2c/pdftexdir/writet1.c index 0444d46be0..f2a8386cab 100644 --- a/texlive-20210325-source/texk/web2c/pdftexdir/writet1.c +++ b/texlive-20210325-source/texk/web2c/pdftexdir/writet1.c @@ -841,7 +841,10 @@ static char **t1_builtin_enc(void) *t1_buf_array == '/' && valid_code(i)) { if (strcmp(t1_buf_array + 1, notdef) != 0) glyph_names[i] = xstrdup(t1_buf_array + 1); - p = strstr(p, " put") + strlen(" put"); + p = strstr(p, " put"); + if (!p) + pdftex_fail("invalid pfb, no put found in dup"); + p += strlen(" put"); skip(p, ' '); } /* @@ -850,7 +853,10 @@ static char **t1_builtin_enc(void) else if (sscanf(p, "dup dup %i exch %i get put", &b, &a) == 2 && valid_code(a) && valid_code(b)) { copy_glyph_names(glyph_names, a, b); - p = strstr(p, " get put") + strlen(" get put"); + p = strstr(p, " get put"); + if (!p) + pdftex_fail("invalid pfb, no get put found in dup dup"); + p += strlen(" get put"); skip(p, ' '); } /* @@ -861,7 +867,10 @@ static char **t1_builtin_enc(void) && valid_code(a) && valid_code(b) && valid_code(c)) { for (i = 0; i < c; i++) copy_glyph_names(glyph_names, a + i, b + i); - p = strstr(p, " putinterval") + strlen(" putinterval"); + p = strstr(p, " putinterval"); + if (!p) + pdftex_fail("invalid pfb, no putinterval found in dup dup"); + p += strlen(" putinterval"); skip(p, ' '); } /*
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.
浙ICP备2022010568号-2