texlive/texlive-poolfix.patch
Jindrich Novy 35b0b027cb - make kpathsea not dependent on texlive
- fix lacheck again (#451513)
- fix dvips configuration (#467542)
- update kpathsea description and summary (#519257)
- use upstream patch to fix pool overflow CVE-2009-1284 (#492136)
2009-10-16 05:36:21 +00:00

20 lines
850 B
Diff

diff -up texlive-2007/texk/web2c/bibtex.ch.poolfix texlive-2007/texk/web2c/bibtex.ch
--- texlive-2007/texk/web2c/bibtex.ch.poolfix 2006-12-27 00:37:34.000000000 +0100
+++ texlive-2007/texk/web2c/bibtex.ch 2009-10-16 06:55:52.000000000 +0200
@@ -1134,6 +1134,15 @@ while ((ex_buf_xptr < ex_buf_ptr) and
@y
@z
+% Forgot to check for pool overflow here. Triggered by test case linked
+% from http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=520920.
+@x
+while (sp_ptr < sp_end) do {shift the substring}
+@y
+str_room(sp_end - sp_ptr);
+while (sp_ptr < sp_end) do {shift the substring}
+@z
+
% [459] Eliminate unreferenced statement label, because `undefined' is
% now a constant expression that is not evaluated at the Web level. If
% this label were ever required, it could be replaced by the constant