From b46a615945b6c66a0e243077551818905950ed49 Mon Sep 17 00:00:00 2001 From: Nathan Owens Date: Thu, 12 Dec 2019 18:16:29 -0600 Subject: [PATCH] fig2dev: add CVE-2019-19746 patch Signed-off-by: Nathan Owens --- srcpkgs/fig2dev/patches/CVE-2019-19746.patch | 57 ++++++++++++++++++++ srcpkgs/fig2dev/template | 2 +- 2 files changed, 58 insertions(+), 1 deletion(-) create mode 100644 srcpkgs/fig2dev/patches/CVE-2019-19746.patch diff --git a/srcpkgs/fig2dev/patches/CVE-2019-19746.patch b/srcpkgs/fig2dev/patches/CVE-2019-19746.patch new file mode 100644 index 00000000000..8655027d2dc --- /dev/null +++ b/srcpkgs/fig2dev/patches/CVE-2019-19746.patch @@ -0,0 +1,57 @@ +--- fig2dev/arrow.c ++++ fig2dev/arrow.c +@@ -1,9 +1,10 @@ + /* + * Fig2dev: Translate Fig code to various Devices +- * Copyright (c) 1985 by Supoj Sutantavibul + * Copyright (c) 1991 by Micah Beck +- * Parts Copyright (c) 1989-2002 by Brian V. Smith +- * Parts Copyright (c) 2015-2018 by Thomas Loimer ++ * Parts Copyright (c) 1985-1988 by Supoj Sutanthavibul ++ * Parts Copyright (c) 1989-2015 by Brian V. Smith ++ * Parts Copyright (c) 2015-2019 by Thomas Loimer ++ * + * + * Any party obtaining a copy of these files is granted, free of charge, a + * full and unrestricted irrevocable, world-wide, paid up, royalty-free, +@@ -78,7 +79,9 @@ + { + F_arrow *a; + +- if (style < 0 || style > 1 || type < 0 || (type + 1) * 2 > NUMARROWS) ++ if (style < 0 || style > 1 || type < 0 || ++ /* beware of int overflow */ ++ type > NUMARROWS || (type + 1) * 2 > NUMARROWS) + return NULL; + if (NULL == (Arrow_malloc(a))) { + put_msg(Err_mem); +@@ -90,7 +93,7 @@ + + a->type = type; + a->style = style; +- a->thickness = thickness*THICK_SCALE; ++ a->thickness = thickness * THICK_SCALE; + a->wid = wid; + a->ht = ht; + return a; +--- fig2dev/tests/read.at ++++ fig2dev/tests/read.at +@@ -135,6 +135,18 @@ + ]) + AT_CLEANUP + ++AT_SETUP([reject huge arrow-type, ticket #57]) ++AT_KEYWORDS(arrow.c arrow) ++AT_CHECK([fig2dev -L box <