head 1.2; access; symbols pkgsrc-2013Q4:1.1.0.34 pkgsrc-2013Q4-base:1.1 pkgsrc-2013Q3:1.1.0.32 pkgsrc-2013Q3-base:1.1 pkgsrc-2013Q2:1.1.0.30 pkgsrc-2013Q2-base:1.1 pkgsrc-2013Q1:1.1.0.28 pkgsrc-2013Q1-base:1.1 pkgsrc-2012Q4:1.1.0.26 pkgsrc-2012Q4-base:1.1 pkgsrc-2012Q3:1.1.0.24 pkgsrc-2012Q3-base:1.1 pkgsrc-2012Q2:1.1.0.22 pkgsrc-2012Q2-base:1.1 pkgsrc-2012Q1:1.1.0.20 pkgsrc-2012Q1-base:1.1 pkgsrc-2011Q4:1.1.0.18 pkgsrc-2011Q4-base:1.1 pkgsrc-2011Q3:1.1.0.16 pkgsrc-2011Q3-base:1.1 pkgsrc-2011Q2:1.1.0.14 pkgsrc-2011Q2-base:1.1 pkgsrc-2011Q1:1.1.0.12 pkgsrc-2011Q1-base:1.1 pkgsrc-2010Q4:1.1.0.10 pkgsrc-2010Q4-base:1.1 pkgsrc-2010Q3:1.1.0.8 pkgsrc-2010Q3-base:1.1 pkgsrc-2010Q2:1.1.0.6 pkgsrc-2010Q2-base:1.1 pkgsrc-2010Q1:1.1.0.4 pkgsrc-2010Q1-base:1.1 pkgsrc-2009Q4:1.1.0.2 pkgsrc-2009Q4-base:1.1; locks; strict; comment @# @; 1.2 date 2014.02.24.12.12.02; author wiz; state dead; branches; next 1.1; commitid VxnUg7mBlQtYIlqx; 1.1 date 2009.12.23.14.19.58; author drochner; state Exp; branches; next ; desc @@ 1.2 log @Update to 3.2.5e: BUGS FIXED: o HTML map output was limited to 100 links. Fix by Jan van Dijk o Updated for compatibility to PNG 1.5 From Matthias Scheler o Was adding "showpage" command when producing bitmap formats from intermediate EPS. This produced "illegal" PNG and JPEG files with extra, blank image. o Maximum width of included image in PS/EPS output increased from 8192 to 16384 o Precision of some PIC objects increased from %.2f to %.3f o Double close of output file when ghostscript fails. 
Original bug report from https://bugzilla.redhat.com/728825 @ text @$NetBSD: patch-af,v 1.1 2009/12/23 14:19:58 drochner Exp $ --- fig2dev/read1_3.c.orig 2003-04-08 22:18:51.000000000 +0000 +++ fig2dev/read1_3.c @@@@ -441,7 +441,7 @@@@ FILE *fp; { F_text *t; int n; - char buf[128]; + char buf[512]; Text_malloc(t); t->type = T_LEFT_JUSTIFIED; @@@@ -451,21 +451,33 @@@@ FILE *fp; t->pen = 0; t->angle = 0.0; t->next = NULL; - n = fscanf(fp," %d %lf %d %lf %lf %d %d %[^\n]", &t->font, + if (!fgets(buf, sizeof(buf), fp)) { + put_msg("Incomplete text data"); + free((char *) t); + return (NULL); + } + + /* Note using strlen(buf) here will waste a few bytes, as the + various text attributes are counted into this length too. */ + t->cstring = (char *) calloc((unsigned)(strlen(buf)+1), sizeof(char)); + if (t->cstring == NULL) + return (NULL); + n = sscanf(buf," %d %lf %d %lf %lf %d %d %[^\n]", &t->font, &t->size, &t->flags, &t->height, &t->length, - &t->base_x, &t->base_y, buf); + &t->base_x, &t->base_y, t->cstring); if (n != 8) { put_msg("incomplete text data"); + free(t->cstring); free((char*)t); return(NULL); } - t->cstring = (char *) calloc((unsigned)(strlen(buf)+1), sizeof(char)); - if (t->cstring == NULL) { + + if (!strlen(t->cstring)) { + free(t->cstring); put_msg(Err_mem); free((char*) t); return(NULL); } - (void)strcpy(t->cstring, buf); if (t->size == 0) t->size = 18; return(t); } @ 1.1 log @add a patch from https://bugzilla.redhat.com/show_bug.cgi?id=543905 (slightly modified) to fix CVE-2009-4228 (Stack-based buffer overflow by loading malformed .FIG files) @ text @d1 1 a1 1 $NetBSD$ @
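Review bot: The new `char buf[512]` in the first hunk is a bare magic number that also becomes the longest text record the reader accepts, because the second hunk fills it with `fgets(buf, sizeof(buf), fp)`. A line longer than 511 bytes is cut without any message and the unread remainder stays on the stream; presumably the caller then parses it as the start of another object, but the caller is outside the hunk. I would name the limit and reject overlong input right after the fgets, e.g. `if (!strchr(buf, '\n') && !feof(fp)) { put_msg("text line too long"); free((char *) t); return (NULL); }`. The function's header starts above the hunk, so how the caller resynchronises after an error cannot be checked from here.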
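Review bot: The calloc failure path in the second hunk, `if (t->cstring == NULL) return (NULL);`, returns without freeing `t` and without a message, unlike every other error exit in this function; it should read `if (t->cstring == NULL) { put_msg(Err_mem); free((char *) t); return (NULL); }`. The later `if (!strlen(t->cstring))` branch looks unreachable, because `%[^\n]` has to match at least one character for sscanf to return 8. It also reports `Err_mem`, which the removed code used for allocation failure, for what would be an empty text string; I would drop the branch or give it its own message. The overflow fix itself holds on the visible lines: `t->cstring` is allocated with `strlen(buf)+1` bytes and the `%[^\n]` conversion reads from `buf`, so it cannot write past that allocation.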