
transfig-3.2.5d-8.1.mga5.src.rpm

--- transfig.3.2.5d/fig2dev/read.c.CVE_16899	2017-12-17 21:41:49.324268844 +0200
+++ transfig.3.2.5d/fig2dev/read.c	2017-12-17 21:44:14.280757546 +0200
@@ -1187,42 +1187,48 @@
 	}
 	if (strlen(s) == 0) 
 		(void)strcpy(s, " ");
 	t->cstring = (char*)calloc((unsigned)(strlen(s)), sizeof(char));
 	if (NULL == t->cstring) {
 	    put_msg(Err_mem);
 	    free((char*)t);
 	    return NULL;
 	}
 	(void)strcpy(t->cstring, s+1);
 
 	if (!v21_flag && (t->font == 0 || t->font == DEFAULT))
 		t->flags = ((t->flags != DEFAULT) ? t->flags : 0)
 				| SPECIAL_TEXT;
 
 	if (v2_flag && !v21_flag && !special_text(t)) 
 		t->flags = ((t->flags != DEFAULT) ? t->flags : 0)
 				| PSFONT_TEXT;
 
 	/* keep the font number reasonable */
-	if (t->font > MAXFONT(t))
+	if (t->font > MAXFONT(t)) {
 		t->font = MAXFONT(t);
+	} else if (t->font < 0 ) {
+		if (psfont_text(t) && t->font < -1)
+			t->font = -1;
+		else
+			t->font = 0;
+	}
 	fix_color(&t->color);
 	t->comments = attach_comments();	/* attach any comments */
 	return t;
 }
 
 /* strncasecmp and strcasecmp by Fred Appelman (Fred.Appelman@cv.ruu.nl) */
 
 #ifdef HAVE_NO_STRNCASECMP
 
 int strncasecmp(const char* s1, const char* s2, int n)
 {
    char c1,c2;
 
    while (--n>=0)
    {
           /* Check for end of string, if either of the strings
            * is ended, we can terminate the test
            */
           if (*s1=='\0' && *s2!='\0') return -1; /* s1 ended premature */
           if (*s1!='\0' && *s2=='\0') return +1; /* s2 ended premature */
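Review bot: In the added `else if (t->font < 0 )` branch, PostScript text with `t->font == -1` is rewritten to 0, because the inner test `psfont_text(t) && t->font < -1` is false for -1 and control falls to the `else`. The clamp to -1 suggests -1 is meant to remain a legal value for PostScript text (presumably the default font; confirm against the font tables), so the branch should leave it alone, e.g. `if (psfont_text(t)) { if (t->font < -1) t->font = -1; } else t->font = 0;`. The identical block added to read1_3.c in the second hunk behaves the same way and needs the same change. The function containing this clamp begins outside the hunk, so how the flags are set earlier could not be checked here.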
--- transfig.3.2.5d/fig2dev/read1_3.c.CVE_16899	2003-04-09 02:18:52.000000000 +0300
+++ transfig.3.2.5d/fig2dev/read1_3.c	2017-12-17 21:41:49.324268844 +0200
@@ -448,24 +448,33 @@
 	t->flags = 0;
       	t->color = BLACK_COLOR;
 	t->depth = 0;
 	t->pen = 0;
 	t->angle = 0.0;
 	t->next = NULL;
 	n = fscanf(fp," %d %lf %d %lf %lf %d %d %[^\n]", &t->font, 
 		&t->size, &t->flags, &t->height, &t->length, 
 		&t->base_x, &t->base_y, buf);
 	if (n != 8) {
 	    put_msg("incomplete text data");
 	    free((char*)t);
 	    return(NULL);
 	    }
 	t->cstring = (char *) calloc((unsigned)(strlen(buf)+1), sizeof(char));
 	if (t->cstring == NULL) {
 	    put_msg(Err_mem);
 	    free((char*) t);
 	    return(NULL);
 	    }
+	/* keep the font number within valid range */
+	if (t->font > MAXFONT(t)) {
+		t->font = MAXFONT(t);
+	} else if (t->font < 0 ) {
+		if (psfont_text(t) && t->font < -1)
+			t->font = -1;
+		else
+			t->font = 0;
+	}
 	(void)strcpy(t->cstring, buf);
 	if (t->size == 0) t->size = 18;
 	return(t);
 	}
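Review bot: The `fscanf` call above the added clamp still reads the text with an unbounded `%[^\n]` conversion into `buf`, so an overlong text line in the input file can write past the end of `buf` before the new font range check runs. `buf` is declared outside the hunk, so its size cannot be confirmed from here. The conversion should carry a field width one less than that size, for example `%511[^\n]` if the declaration is `char buf[512]` (size chosen for illustration only). The function begins outside the hunk.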