24495801a4
- fix lacheck again (#451513) - fix dvips configuration (#467542) - update kpathsea description and summary (#519257) - use upstream patch to fix pool overflow CVE-2009-1284 (#492136) - don't complain if the pdvipsk hunks touching config.ps don't apply - avoid clashes with getline() from glibc - texlive-east-asian now requires texlive-texmf-east-asian (#487258) - do not attempt to remove old fonts via cron in /var/lib/texmf, fonts are stored in ~/.texlive2007/texmf-var per-user (#477833, #463975, #453468) - use correct paths in brp-* post install scriptlets (#468179) - fix build with gcc4.4
20 lines
850 B
Diff
20 lines
850 B
Diff
diff -up texlive-2007/texk/web2c/bibtex.ch.poolfix texlive-2007/texk/web2c/bibtex.ch
|
|
--- texlive-2007/texk/web2c/bibtex.ch.poolfix 2006-12-27 00:37:34.000000000 +0100
|
|
+++ texlive-2007/texk/web2c/bibtex.ch 2009-10-16 06:55:52.000000000 +0200
|
|
@@ -1134,6 +1134,15 @@ while ((ex_buf_xptr < ex_buf_ptr) and
|
|
@y
|
|
@z
|
|
|
|
+% Forgot to check for pool overflow here. Triggered by test case linked
|
|
+% from http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=520920.
|
|
+@x
|
|
+while (sp_ptr < sp_end) do {shift the substring}
|
|
+@y
|
|
+str_room(sp_end - sp_ptr);
|
|
+while (sp_ptr < sp_end) do {shift the substring}
|
|
+@z
|
|
+
|
|
% [459] Eliminate unreferenced statement label, because `undefined' is
|
|
% now a constant expression that is not evaluated at the Web level. If
|
|
% this label were ever required, it could be replaced by the constant
|