http://www.kde.org/info/security/advisory-20050809-1.txt
This is post-3.4.1-kdegraphics-4.diff, adjusted for KDE 3.4.2.
I don't have the resources to build KDE here, somebody please pick
this up and commit it.
--- kpdf/xpdf/fofi/FoFiTrueType.cc.orig Wed Jul 20 12:00:36 2005
+++ kpdf/xpdf/fofi/FoFiTrueType.cc Wed Aug 10 23:11:25 2005
@@ -1373,6 +1373,27 @@ void FoFiTrueType::parse() {
return;
}
+ // make sure the loca table is sane (correct length and entries are
+ // in bounds)
+ i = seekTable("loca");
+ if (tables[i].len < (nGlyphs + 1) * (locaFmt ? 4 : 2)) {
+ parsedOk = gFalse;
+ return;
+ }
+ for (j = 0; j <= nGlyphs; ++j) {
+ if (locaFmt) {
+ pos = (int)getU32BE(tables[i].offset + j*4, &parsedOk);
+ } else {
+ pos = getU16BE(tables[i].offset + j*2, &parsedOk);
+ }
+ if (pos < 0 || pos > len) {
+ parsedOk = gFalse;
+ }
+ }
+ if (!parsedOk) {
+ return;
+ }
+
// read the post table
readPostTable();
if (!parsedOk) {
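Review bot: The bound in the new line `if (pos < 0 || pos > len)` checks a loca entry against the length of the whole font buffer, but loca entries are offsets into the glyf table, so an entry that fits in the file yet runs past the end of glyf still passes; comparing against the glyf table's length instead (its index from `seekTable("glyf")`, guarded by the table being present) would match what the entries mean. For the short format the stored value is half the real offset, so if the consumer doubles it when reading glyphs the check should as well: `pos = 2 * getU16BE(tables[i].offset + j*2, &parsedOk);`. `i = seekTable("loca")` is used as an index without a not-found check; presumably the required-tables check earlier in parse() already rejects fonts lacking loca, but that code is outside the hunk, as is the rest of FoFiTrueType::parse(). The loop also keeps reading after the first bad entry; a `break` once parsedOk is cleared would avoid the remaining reads.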
--- kpdf/xpdf/xpdf/SplashOutputDev.cc.orig Wed Jul 20 12:00:36 2005
+++ kpdf/xpdf/xpdf/SplashOutputDev.cc Wed Aug 10 23:13:31 2005
@@ -622,11 +622,15 @@ void SplashOutputDev::updateFont(GfxStat
ff = FoFiTrueType::load(fileName->getCString());
else
ff = new FoFiTrueType(tmpBuf, tmpBufLen, gFalse);
- if (! ff)
- goto err2;
- codeToGID = ((Gfx8BitFont *)gfxFont)->getCodeToGIDMap(ff);
- delete ff;
- fontFile = fontEngine->loadTrueTypeFont(id, fontsrc, codeToGID, 256);
+ if (ff) {
+ codeToGID = ((Gfx8BitFont *)gfxFont)->getCodeToGIDMap(ff);
+ n = 256;
+ delete ff;
+ } else {
+ codeToGID = NULL;
+ n = 0;
+ }
+ fontFile = fontEngine->loadTrueTypeFont(id, fontsrc, codeToGID, n);
if (! fontFile) {
error(-1, "Couldn't create a font for '%s'",
gfxFont->getName() ? gfxFont->getName()->getCString()
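Review bot: When `ff` is NULL the new else branch hands `codeToGID = NULL` and `n = 0` to loadTrueTypeFont without reporting that the TrueType font could not be parsed, so a malformed or truncated font (the case the advisory covers) is now processed silently unless the engine itself fails; an `error(-1, "Couldn't parse TrueType font '%s'", ...)` in that branch, using the same name lookup as the existing message below, would keep the failure visible. `n` is assigned in the new lines but not declared in the hunk; it presumably exists at the top of SplashOutputDev::updateFont, which starts outside the hunk. Whether loadTrueTypeFont accepts a NULL map with `n == 0` cannot be confirmed from these lines and should be checked in the font engine.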
--
Christian "naddy" Weisgerber [EMAIL PROTECTED]