登录 注册
开源 企业版 高校版 私有云 Gitee AI NEW
扫描微信二维码支付
取消
支付完成
Watch
不关注 关注所有动态 仅关注版本发行动态 关注但不提醒动态
123 Star 0 Fork 33

src-openEuler/texlive-base

代码 Issues 5 Pull Requests 6 Wiki 统计 流水线
服务
加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
克隆/下载
CVE-2023-46048.patch 2.50 KB
一键复制 编辑 原始数据 按行查看 历史
wk333 提交于 2024-08-05 15:22 . Fix CVE-2023-46048, CVE-2023-46051
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354
Origin:

https://github.com/TeX-Live/texlive-source/commit/33b330bc48ed2df69daf80a81be3cde8bf794816

https://tug.org/pipermail/tex-live/2023-August/049402.html



From 33b330bc48ed2df69daf80a81be3cde8bf794816 Mon Sep 17 00:00:00 2001

From: Karl Berry <[email protected]>

Date: Sat, 26 Aug 2023 17:50:10 +0000

Subject: [PATCH] guard against corrupt pfb in dup tests, pdftex r910



git-svn-id: svn://tug.org/texlive/trunk/Build/source@68069 c570f23f-e606-0410-a88d-b1316a301751

---

 texlive-20210325-source/texk/web2c/pdftexdir/writet1.c | 15 ++++++++++++---

 1 files changed, 12 insertions(+), 3 deletions(-)



diff --git a/texlive-20210325-source/texk/web2c/pdftexdir/writet1.c b/texlive-20210325-source/texk/web2c/pdftexdir/writet1.c

index 0444d46be0..f2a8386cab 100644

--- a/texlive-20210325-source/texk/web2c/pdftexdir/writet1.c

+++ b/texlive-20210325-source/texk/web2c/pdftexdir/writet1.c

@@ -841,7 +841,10 @@ static char **t1_builtin_enc(void)

                 *t1_buf_array == '/' && valid_code(i)) {

                 if (strcmp(t1_buf_array + 1, notdef) != 0)

                     glyph_names[i] = xstrdup(t1_buf_array + 1);

-                p = strstr(p, " put") + strlen(" put");

+                p = strstr(p, " put");

+                if (!p)

+                    pdftex_fail("invalid pfb, no put found in dup");

+                p += strlen(" put");

                 skip(p, ' ');

             }

             /*

@@ -850,7 +853,10 @@ static char **t1_builtin_enc(void)

             else if (sscanf(p, "dup dup %i exch %i get put", &b, &a) == 2

                      && valid_code(a) && valid_code(b)) {

                 copy_glyph_names(glyph_names, a, b);

-                p = strstr(p, " get put") + strlen(" get put");

+                p = strstr(p, " get put");

+                if (!p)

+                    pdftex_fail("invalid pfb, no get put found in dup dup");

+                p += strlen(" get put");

                 skip(p, ' ');

             }

             /*

@@ -861,7 +867,10 @@ static char **t1_builtin_enc(void)

                      && valid_code(a) && valid_code(b) && valid_code(c)) {

                 for (i = 0; i < c; i++)

                     copy_glyph_names(glyph_names, a + i, b + i);

-                p = strstr(p, " putinterval") + strlen(" putinterval");

+                p = strstr(p, " putinterval");

+                if (!p)

+                   pdftex_fail("invalid pfb, no putinterval found in dup dup");

+                p += strlen(" putinterval");

                 skip(p, ' ');

             }

             /*
马建仓 AI 助手
尝试更多
代码解读
代码找茬
代码优化
1
https://gitee.com/src-openeuler/texlive-base.git
[email protected]:src-openeuler/texlive-base.git
src-openeuler
texlive-base
texlive-base
master
点此查找更多帮助

搜索帮助

Git 命令在线学习 如何在 Gitee 导入 GitHub 仓库
Git 仓库基础操作
企业版和社区版功能对比
SSH 公钥设置
如何处理代码冲突
仓库体积过大,如何减小?
如何找回被删除的仓库数据
Gitee 产品配额说明
GitHub仓库快速导入Gitee及同步更新
什么是 Release(发行版)
将 PHP 项目自动发布到 packagist.org
仓库举报
回到顶部