summaryrefslogtreecommitdiff
path: root/backend/dvi/mdvi-lib/vf.c
diff options
context:
space:
mode:
authorinfirit <[email protected]>2014-12-10 00:58:36 +0100
committerinfirit <[email protected]>2014-12-10 00:58:36 +0100
commita828cb1a5c0835d08a17c86f64d571436f93f980 (patch)
tree6ad1a50b5854ffe240a46f2572b170c599efbfd1 /backend/dvi/mdvi-lib/vf.c
parentb2d02d6471176fdb0e42dbe05ffaee90a933a239 (diff)
downloadatril-a828cb1a5c0835d08a17c86f64d571436f93f980.tar.bz2
atril-a828cb1a5c0835d08a17c86f64d571436f93f980.tar.xz
backends: Fix several security issues in the dvi-backend.
See CVE-2010-2640, CVE-2010-2641, CVE-2010-2642 and CVE-2010-2643. Taken from evince commit: d4139205b010ed06310d14284e63114e88ec6de2 From: José Aliste <[email protected]>
Diffstat (limited to 'backend/dvi/mdvi-lib/vf.c')
-rw-r--r--backend/dvi/mdvi-lib/vf.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/backend/dvi/mdvi-lib/vf.c b/backend/dvi/mdvi-lib/vf.c
index fb498476..a5ae3bbe 100644
--- a/backend/dvi/mdvi-lib/vf.c
+++ b/backend/dvi/mdvi-lib/vf.c
@@ -165,6 +165,12 @@ static int vf_load_font(DviParams *params, DviFont *font)
cc = fuget1(p);
tfm = fuget3(p);
}
+ if (cc < 0 || cc > 65536) {
+ /* TeX engines do not support char codes bigger than 65535 */
+ mdvi_error(_("(vf) %s: unexpected character %d\n"),
+ font->fontname, cc);
+ goto error;
+ }
if(loc < 0 || cc < loc)
loc = cc;
if(hic < 0 || cc > hic)
generated by cgit v1.2.1 (git 2.18.0) at 2024-11-02 06:13:32 +0000