backends: Fix several security issues in the dvi-backend.

See CVE-2010-2640, CVE-2010-2641, CVE-2010-2642 and CVE-2010-2643. Taken from evince commit: d4139205b010ed06310d14284e63114e88ec6de2 From: José Aliste <[email protected]>
author: infirit <[email protected]> 2014-12-10 00:58:36 +0100
committer: infirit <[email protected]> 2014-12-10 00:58:36 +0100
commit: a828cb1a5c0835d08a17c86f64d571436f93f980 (patch)
tree: 6ad1a50b5854ffe240a46f2572b170c599efbfd1 /backend/dvi/mdvi-lib/pk.c
parent: b2d02d6471176fdb0e42dbe05ffaee90a933a239 (diff)
download: atril-a828cb1a5c0835d08a17c86f64d571436f93f980.tar.bz2
atril-a828cb1a5c0835d08a17c86f64d571436f93f980.tar.xz
1 files changed, 10 insertions, 1 deletions
diff --git a/backend/dvi/mdvi-lib/pk.c b/backend/dvi/mdvi-lib/pk.c
index a5791869..3e7d9661 100644
--- a/backend/dvi/mdvi-lib/pk.c
+++ b/backend/dvi/mdvi-lib/pk.c
@@ -469,6 +469,15 @@ static int pk_load_font(DviParams *unused, DviFont *font)
 }
 if(feof(p))
 break;
+
+ /* Although the PK format support bigger char codes,
+ * XeTeX and other extended TeX engines support charcodes up to
+ * 65536, while normal TeX engine supports only charcode up to 255.*/
+ if (cc < 0 || cc > 65536) {
+ mdvi_error (_("%s: unexpected charcode (%d)\n"),
+ font->fontname,cc);
+ goto error;
+ }
 if(cc < loc)
 loc = cc;
 if(cc > hic)
@@ -512,7 +521,7 @@ static int pk_load_font(DviParams *unused, DviFont *font)
 }
 
 /* resize font char data */
- if(loc > 0 || hic < maxch-1) {
+ if(loc > 0 && hic < maxch-1) {
 memmove(font->chars, font->chars + loc, 
 (hic - loc + 1) * sizeof(DviFontChar));
 font->chars = xresize(font->chars,
author	infirit <[email protected]>	2014-12-10 00:58:36 +0100
committer	infirit <[email protected]>	2014-12-10 00:58:36 +0100
commit	a828cb1a5c0835d08a17c86f64d571436f93f980 (patch)
tree	6ad1a50b5854ffe240a46f2572b170c599efbfd1 /backend/dvi/mdvi-lib/pk.c
parent	b2d02d6471176fdb0e42dbe05ffaee90a933a239 (diff)
download	atril-a828cb1a5c0835d08a17c86f64d571436f93f980.tar.bz2 atril-a828cb1a5c0835d08a17c86f64d571436f93f980.tar.xz