diff options
Diffstat (limited to 'gnu/packages/patches/mupdf-CVE-2016-7564.patch')
| -rw-r--r-- | gnu/packages/patches/mupdf-CVE-2016-7564.patch | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/gnu/packages/patches/mupdf-CVE-2016-7564.patch b/gnu/packages/patches/mupdf-CVE-2016-7564.patch new file mode 100644 index 0000000000..c2ce33d1df --- /dev/null +++ b/gnu/packages/patches/mupdf-CVE-2016-7564.patch @@ -0,0 +1,34 @@ +Fix CVE-2016-7564: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7564 +http://bugs.ghostscript.com/show_bug.cgi?id=697137 + +Patch copied from upstream source repository: +http://git.ghostscript.com/?p=mujs.git;a=commitdiff;h=a3a4fe840b80706c706e86160352af5936f292d8 + +From a3a4fe840b80706c706e86160352af5936f292d8 Mon Sep 17 00:00:00 2001 +From: Tor Andersson <tor.andersson@artifex.com> +Date: Tue, 20 Sep 2016 17:19:06 +0200 +Subject: [PATCH] Fix bug 697137: off by one in string length calculation. + +We were not allocating space for the terminating zero byte. +--- + jsfunction.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/jsfunction.c b/jsfunction.c +index 8b5b18e..28f7aa7 100644 +--- a/thirdparty/mujs/jsfunction.c ++++ b/thirdparty/mujs/jsfunction.c +@@ -61,7 +61,7 @@ static void Fp_toString(js_State *J) + n += strlen(F->name); + for (i = 0; i < F->numparams; ++i) + n += strlen(F->vartab[i]) + 1; +- s = js_malloc(J, n); ++ s = js_malloc(J, n + 1); + strcpy(s, "function "); + strcat(s, F->name); + strcat(s, "("); +-- +2.10.2 + |