diff options
Diffstat (limited to 'debian/patches/unhtmlify-segfault.patch')
-rw-r--r-- | debian/patches/unhtmlify-segfault.patch | 56 |
1 files changed, 56 insertions, 0 deletions
diff --git a/debian/patches/unhtmlify-segfault.patch b/debian/patches/unhtmlify-segfault.patch new file mode 100644 index 0000000..c30875d --- /dev/null +++ b/debian/patches/unhtmlify-segfault.patch @@ -0,0 +1,56 @@ +=== modified file 'ChangeLog' +--- foomatic-filters/ChangeLog 2010-08-27 18:01:04 +0000 ++++ foomatic-filters/ChangeLog 2010-08-27 23:41:04 +0000 +@@ -1,5 +1,10 @@ + 2010-08-27 Till Kamppeter <till.kamppeter@gmail.com> + ++ * options.c: Made sure that the unhtmlify() function does not write ++ the zero byte to mark the string end beyond the buffer. Also use a ++ much larger buffer for parsing "*FoomaticRIPOptionPrototype:" in ++ the PPD file (bug #515). ++ + * util.c: In strncpy_tochar() use the isempty() function to check + whether the input string is empty (bug #514). + + +=== modified file 'options.c' +--- foomatic-filters/options.c 2010-07-07 21:49:47 +0000 ++++ foomatic-filters/options.c 2010-08-27 23:41:04 +0000 +@@ -1088,8 +1088,9 @@ + const char *repl; + struct tm *t = localtime(&job->time); + char tmpstr[10]; ++ size_t s; + +- while (*psrc && pdest - dest < size) { ++ while (*psrc && pdest - dest < size - 1) { + + if (*psrc == '&') { + psrc++; +@@ -1154,8 +1155,12 @@ + } + + if (repl) { +- strncpy(pdest, repl, size - (pdest - dest)); +- pdest += strlen(repl); ++ s = size - (pdest - dest) - 1; ++ strncpy(pdest, repl, s); ++ if (s < strlen(repl)) ++ pdest += s; ++ else ++ pdest += strlen(repl); + psrc = strchr(psrc, ';') +1; + } + else { +@@ -1601,8 +1606,8 @@ + /* "*FoomaticRIPOptionPrototype <option>: <code>" + Used for numerical and string options only */ + opt = assure_option(name); +- opt->proto = malloc(128); +- unhtmlify(opt->proto, 128, value->data); ++ opt->proto = malloc(65536); ++ unhtmlify(opt->proto, 65536, value->data); + } + else if (!strcmp(key, "FoomaticRIPOptionRange")) { + /* *FoomaticRIPOptionRange <option>: <min> <max> + |