head	1.2;
access;
symbols
	pkgsrc-2013Q2:1.2.0.8
	pkgsrc-2013Q2-base:1.2
	pkgsrc-2012Q4:1.2.0.6
	pkgsrc-2012Q4-base:1.2
	pkgsrc-2011Q4:1.2.0.4
	pkgsrc-2011Q4-base:1.2
	pkgsrc-2011Q2:1.2.0.2
	pkgsrc-2011Q2-base:1.2
	pkgsrc-2010Q2:1.1.0.4
	pkgsrc-2010Q2-base:1.1
	pkgsrc-2010Q1:1.1.0.2;
locks; strict;
comment	@# @;


1.2
date	2010.09.13.04.28.21;	author minskim;	state dead;
branches;
next	1.1;

1.1
date	2010.05.17.20.21.38;	author tez;	state Exp;
branches
	1.1.2.1;
next	;

1.1.2.1
date	2010.05.17.20.21.38;	author tron;	state dead;
branches;
next	1.1.2.2;

1.1.2.2
date	2010.05.17.22.47.51;	author tron;	state Exp;
branches;
next	;


desc
@@


1.2
log
@Update dvipng to 1.13.

Changes:
- Add width reporting.
@
text
@$NetBSD: patch-aa,v 1.1 2010/05/17 20:21:38 tez Exp $
CVE-2010-0829

--- draw.c	2008-06-11 23:05:01 +0000
+++ draw.c	2010-04-27 09:34:06 +0000
@@@@ -79,9 +79,15 @@@@
 
   if (currentfont==NULL) 
     Fatal("faulty DVI, trying to set character from null font");
-
-  if (c>=0 && c<=LASTFNTCHAR) 
-    ptr = currentfont->chr[c];
+  if (c<0 || c>LASTFNTCHAR) {
+    Warning("glyph index out of range (%d), skipping",c);
+    return(0);
+  }
+  ptr=currentfont->chr[c];
+  if (ptr==NULL) {
+    Warning("unable to draw glyph %d, skipping",c);
+    return(0);
+  }
 #ifdef DEBUG
   switch (currentfont->type) {
   case FONT_TYPE_VF: DEBUG_PRINT(DEBUG_DVI,("\n  VF CHAR:\t")); break;
@@@@ -90,15 +96,15 @@@@
   case FONT_TYPE_FT: DEBUG_PRINT(DEBUG_DVI,("\n  FT CHAR:\t")); break;
   default: DEBUG_PRINT(DEBUG_DVI,("\n  NO CHAR:\t"))
   }
-  if (isprint(c))
+  if (debug & DEBUG_DVI && c>=0 && c<=UCHAR_MAX && isprint(c))
     DEBUG_PRINT(DEBUG_DVI,("'%c' ",c));
   DEBUG_PRINT(DEBUG_DVI,("%d at (%d,%d) tfmw %d", c,
 			 dvi_stack->hh,dvi_stack->vv,ptr?ptr->tfmw:0));
 #endif
   if (currentfont->type==FONT_TYPE_VF) {
-    return(SetVF(c));
+    return(SetVF(ptr));
   } else {
-    if (ptr!=NULL && ptr->data == NULL) 
+    if (ptr->data == NULL) 
       switch(currentfont->type) {
       case FONT_TYPE_PK:	LoadPK(c, ptr); break;
 #ifdef HAVE_LIBT1
@@@@ -111,8 +117,8 @@@@
 	Fatal("undefined fonttype %d",currentfont->type);
       }
     if (page_imagep != NULL)
-      return(SetGlyph(c, dvi_stack->hh, dvi_stack->vv));
-    else if (ptr!=NULL) {
+      return(SetGlyph(ptr, dvi_stack->hh, dvi_stack->vv));
+    else {
       /* Expand bounding box if necessary */
       min(x_min,dvi_stack->hh - ptr->xOffset/shrinkfactor);
       min(y_min,dvi_stack->vv - ptr->yOffset/shrinkfactor);

@


1.1
log
@CVE-2010-0829 fix from https://bugzilla.redhat.com/show_bug.cgi?id=573999
@
text
@d1 1
a1 1
$NetBSD$
@


1.1.2.1
log
@file patch-aa was added on branch pkgsrc-2010Q1 on 2010-05-17 22:47:51 +0000
@
text
@d1 55
@


1.1.2.2
log
@Pullup ticket #3124 - requested by tez
graphics/dvipng: security patch

Revisions pulled up:
- graphics/dvipng/Makefile			1.12
- graphics/dvipng/distinfo			1.3
- graphics/dvipng/patches/patch-aa		1.1
- graphics/dvipng/patches/patch-ab		1.1
- graphics/dvipng/patches/patch-ac		1.1
- graphics/dvipng/patches/patch-ad		1.1
---
Module Name:    pkgsrc
Committed By:   tez
Date:           Mon May 17 20:21:39 UTC 2010

Modified Files:
        pkgsrc/graphics/dvipng: Makefile distinfo
Added Files:
        pkgsrc/graphics/dvipng/patches: patch-aa patch-ab patch-ac patch-ad

Log Message:
CVE-2010-0829 fix from https://bugzilla.redhat.com/show_bug.cgi?id=573999
@
text
@a0 55
$NetBSD: patch-aa,v 1.1 2010/05/17 20:21:38 tez Exp $
CVE-2010-0829

--- draw.c	2008-06-11 23:05:01 +0000
+++ draw.c	2010-04-27 09:34:06 +0000
@@@@ -79,9 +79,15 @@@@
 
   if (currentfont==NULL) 
     Fatal("faulty DVI, trying to set character from null font");
-
-  if (c>=0 && c<=LASTFNTCHAR) 
-    ptr = currentfont->chr[c];
+  if (c<0 || c>LASTFNTCHAR) {
+    Warning("glyph index out of range (%d), skipping",c);
+    return(0);
+  }
+  ptr=currentfont->chr[c];
+  if (ptr==NULL) {
+    Warning("unable to draw glyph %d, skipping",c);
+    return(0);
+  }
 #ifdef DEBUG
   switch (currentfont->type) {
   case FONT_TYPE_VF: DEBUG_PRINT(DEBUG_DVI,("\n  VF CHAR:\t")); break;
@@@@ -90,15 +96,15 @@@@
   case FONT_TYPE_FT: DEBUG_PRINT(DEBUG_DVI,("\n  FT CHAR:\t")); break;
   default: DEBUG_PRINT(DEBUG_DVI,("\n  NO CHAR:\t"))
   }
-  if (isprint(c))
+  if (debug & DEBUG_DVI && c>=0 && c<=UCHAR_MAX && isprint(c))
     DEBUG_PRINT(DEBUG_DVI,("'%c' ",c));
   DEBUG_PRINT(DEBUG_DVI,("%d at (%d,%d) tfmw %d", c,
 			 dvi_stack->hh,dvi_stack->vv,ptr?ptr->tfmw:0));
 #endif
   if (currentfont->type==FONT_TYPE_VF) {
-    return(SetVF(c));
+    return(SetVF(ptr));
   } else {
-    if (ptr!=NULL && ptr->data == NULL) 
+    if (ptr->data == NULL) 
       switch(currentfont->type) {
       case FONT_TYPE_PK:	LoadPK(c, ptr); break;
 #ifdef HAVE_LIBT1
@@@@ -111,8 +117,8 @@@@
 	Fatal("undefined fonttype %d",currentfont->type);
       }
     if (page_imagep != NULL)
-      return(SetGlyph(c, dvi_stack->hh, dvi_stack->vv));
-    else if (ptr!=NULL) {
+      return(SetGlyph(ptr, dvi_stack->hh, dvi_stack->vv));
+    else {
       /* Expand bounding box if necessary */
       min(x_min,dvi_stack->hh - ptr->xOffset/shrinkfactor);
       min(y_min,dvi_stack->vv - ptr->yOffset/shrinkfactor);

@