35b0b027cb
- fix lacheck again (#451513) - fix dvips configuration (#467542) - update kpathsea description and summary (#519257) - use upstream patch to fix pool overflow CVE-2009-1284 (#492136)
20 lines
850 B
Diff
20 lines
850 B
Diff
diff -up texlive-2007/texk/web2c/bibtex.ch.poolfix texlive-2007/texk/web2c/bibtex.ch
|
|
--- texlive-2007/texk/web2c/bibtex.ch.poolfix 2006-12-27 00:37:34.000000000 +0100
|
|
+++ texlive-2007/texk/web2c/bibtex.ch 2009-10-16 06:55:52.000000000 +0200
|
|
@@ -1134,6 +1134,15 @@ while ((ex_buf_xptr < ex_buf_ptr) and
|
|
@y
|
|
@z
|
|
|
|
+% Forgot to check for pool overflow here. Triggered by test case linked
|
|
+% from http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=520920.
|
|
+@x
|
|
+while (sp_ptr < sp_end) do {shift the substring}
|
|
+@y
|
|
+str_room(sp_end - sp_ptr);
|
|
+while (sp_ptr < sp_end) do {shift the substring}
|
|
+@z
|
|
+
|
|
% [459] Eliminate unreferenced statement label, because `undefined' is
|
|
% now a constant expression that is not evaluated at the Web level. If
|
|
% this label were ever required, it could be replaced by the constant
|