1 files changed, 56 insertions, 0 deletions
diff --git a/debian/patches/unhtmlify-segfault.patch b/debian/patches/unhtmlify-segfault.patch
new file mode 100644
index 0000000..c30875d
--- /dev/null
+++ b/debian/patches/unhtmlify-segfault.patch
@@ -0,0 +1,56 @@
+=== modified file 'ChangeLog'
+--- foomatic-filters/ChangeLog	2010-08-27 18:01:04 +0000
++++ foomatic-filters/ChangeLog	2010-08-27 23:41:04 +0000
+@@ -1,5 +1,10 @@
+ 2010-08-27  Till Kamppeter <till.kamppeter@gmail.com>
+ 
++	* options.c: Made sure that the unhtmlify() function does not write
++	  the zero byte to mark the string end beyond the buffer. Also use a
++	  much larger buffer for parsing "*FoomaticRIPOptionPrototype:" in
++	  the PPD file (bug #515).
++
+ 	* util.c: In strncpy_tochar() use the isempty() function to check
+ 	  whether the input string is empty (bug #514).
+ 
+
+=== modified file 'options.c'
+--- foomatic-filters/options.c	2010-07-07 21:49:47 +0000
++++ foomatic-filters/options.c	2010-08-27 23:41:04 +0000
+@@ -1088,8 +1088,9 @@
+     const char *repl;
+     struct tm *t = localtime(&job->time);
+     char tmpstr[10];
++    size_t s;
+ 
+-    while (*psrc && pdest - dest < size) {
++    while (*psrc && pdest - dest < size - 1) {
+ 
+         if (*psrc == '&') {
+             psrc++;
+@@ -1154,8 +1155,12 @@
+             }
+ 
+             if (repl) {
+-                strncpy(pdest, repl, size - (pdest - dest));
+-                pdest += strlen(repl);
++	        s = size - (pdest - dest) - 1;
++                strncpy(pdest, repl, s);
++		if (s < strlen(repl))
++		  pdest += s;
++		else
++		  pdest += strlen(repl);
+                 psrc = strchr(psrc, ';') +1;
+             }
+             else {
+@@ -1601,8 +1606,8 @@
+             /* "*FoomaticRIPOptionPrototype <option>: <code>"
+                Used for numerical and string options only */
+             opt = assure_option(name);
+-            opt->proto = malloc(128);
+-            unhtmlify(opt->proto, 128, value->data);
++            opt->proto = malloc(65536);
++            unhtmlify(opt->proto, 65536, value->data);
+         }
+         else if (!strcmp(key, "FoomaticRIPOptionRange")) {
+             /* *FoomaticRIPOptionRange <option>: <min> <max>
+