93 lines
3.6 KiB
Diff
93 lines
3.6 KiB
Diff
diff -up texlive-2007/texk/dvipng/draw.c.CVE-2010-0829 texlive-2007/texk/dvipng/draw.c
|
|
--- texlive-2007/texk/dvipng/draw.c.CVE-2010-0829 2006-11-07 21:40:00.000000000 +0100
|
|
+++ texlive-2007/texk/dvipng/draw.c 2010-05-07 10:54:31.532938790 +0200
|
|
@@ -99,7 +99,15 @@ dviunits SetChar(int32_t c)
|
|
|
|
if (currentfont==NULL)
|
|
Fatal("faulty DVI, trying to set character from null font");
|
|
- ptr = currentfont->chr[c];
|
|
+ if (c<0 || c>LASTFNTCHAR) {
|
|
+ Warning("glyph index out of range (%d), skipping",c);
|
|
+ return(0);
|
|
+ }
|
|
+ ptr=currentfont->chr[c];
|
|
+ if (ptr==NULL) {
|
|
+ Warning("unable to draw glyph %d, skipping",c);
|
|
+ return(0);
|
|
+ }
|
|
#ifdef DEBUG
|
|
switch (currentfont->type) {
|
|
case FONT_TYPE_VF: DEBUG_PRINT(DEBUG_DVI,("\n VF CHAR:\t")); break;
|
|
@@ -108,13 +116,13 @@ dviunits SetChar(int32_t c)
|
|
case FONT_TYPE_FT: DEBUG_PRINT(DEBUG_DVI,("\n FT CHAR:\t")); break;
|
|
default: DEBUG_PRINT(DEBUG_DVI,("\n NO CHAR:\t"))
|
|
}
|
|
- if (isprint(c))
|
|
+ if (debug & DEBUG_DVI && c>=0 && c<=UCHAR_MAX && isprint(c))
|
|
DEBUG_PRINT(DEBUG_DVI,("'%c' ",c));
|
|
DEBUG_PRINT(DEBUG_DVI,("%d at (%d,%d) tfmw %d", c,hh,vv,ptr?ptr->tfmw:0));
|
|
#endif
|
|
if (currentfont->type==FONT_TYPE_VF) {
|
|
- return(SetVF(c));
|
|
- } else if (ptr) {
|
|
+ return(SetVF(ptr));
|
|
+ } else {
|
|
if (ptr->data == NULL)
|
|
switch(currentfont->type) {
|
|
case FONT_TYPE_PK: LoadPK(c, ptr); break;
|
|
@@ -128,7 +136,7 @@ dviunits SetChar(int32_t c)
|
|
Fatal("undefined fonttype %d",currentfont->type);
|
|
}
|
|
if (page_imagep != NULL)
|
|
- return(SetGlyph(c, hh, vv));
|
|
+ return(SetGlyph(ptr, hh, vv));
|
|
else {
|
|
/* Expand bounding box if necessary */
|
|
min(x_min,hh - ptr->xOffset/shrinkfactor);
|
|
diff -up texlive-2007/texk/dvipng/dvipng.h.CVE-2010-0829 texlive-2007/texk/dvipng/dvipng.h
|
|
--- texlive-2007/texk/dvipng/dvipng.h.CVE-2010-0829 2006-12-24 01:02:30.000000000 +0100
|
|
+++ texlive-2007/texk/dvipng/dvipng.h 2010-05-07 08:11:10.249916801 +0200
|
|
@@ -387,9 +387,9 @@ void DrawPages(void);
|
|
void WriteImage(char*, int);
|
|
void LoadPK(int32_t, register struct char_entry *);
|
|
int32_t SetChar(int32_t);
|
|
-dviunits SetGlyph(int32_t c, int32_t hh,int32_t vv);
|
|
+dviunits SetGlyph(struct char_entry *ptr, int32_t hh,int32_t vv);
|
|
void Gamma(double gamma);
|
|
-int32_t SetVF(int32_t);
|
|
+int32_t SetVF(struct char_entry *ptr);
|
|
int32_t SetRule(int32_t, int32_t, int32_t, int32_t);
|
|
void SetSpecial(char *, int32_t, int32_t, int32_t);
|
|
void BeginVFMacro(struct font_entry*);
|
|
diff -up texlive-2007/texk/dvipng/set.c.CVE-2010-0829 texlive-2007/texk/dvipng/set.c
|
|
--- texlive-2007/texk/dvipng/set.c.CVE-2010-0829 2006-11-07 21:40:00.000000000 +0100
|
|
+++ texlive-2007/texk/dvipng/set.c 2010-05-07 10:55:57.807931411 +0200
|
|
@@ -202,10 +202,9 @@ void Gamma(double gamma)
|
|
}
|
|
}
|
|
|
|
-dviunits SetGlyph(int32_t c, int32_t hh,int32_t vv)
|
|
+dviunits SetGlyph(struct char_entry *ptr, int32_t hh, int32_t vv)
|
|
/* gdImageChar can only do monochrome glyphs */
|
|
{
|
|
- register struct char_entry *ptr = currentfont->chr[c];
|
|
int dst_alpha,dst_weight,tot_weight,alpha;
|
|
int x,y,pos=0;
|
|
int bgColor,pixelgrey,pixelcolor;
|
|
diff -up texlive-2007/texk/dvipng/vf.c.CVE-2010-0829 texlive-2007/texk/dvipng/vf.c
|
|
--- texlive-2007/texk/dvipng/vf.c.CVE-2010-0829 2006-11-07 21:40:00.000000000 +0100
|
|
+++ texlive-2007/texk/dvipng/vf.c 2010-05-07 08:11:10.252917007 +0200
|
|
@@ -28,11 +28,10 @@
|
|
#define VF_ID 202
|
|
#define LONG_CHAR 242
|
|
|
|
-int32_t SetVF(int32_t c)
|
|
+int32_t SetVF(struct char_entry* ptr)
|
|
{
|
|
struct font_entry* currentvf;
|
|
unsigned char *command,*end;
|
|
- struct char_entry* ptr=currentfont->chr[c];
|
|
|
|
currentvf=currentfont;
|
|
BeginVFMacro(currentvf);
|