summaryrefslogtreecommitdiff
path: root/gnu/packages/patches/mupdf-CVE-2016-7564.patch
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches/mupdf-CVE-2016-7564.patch')
-rw-r--r--gnu/packages/patches/mupdf-CVE-2016-7564.patch34
1 files changed, 34 insertions, 0 deletions
diff --git a/gnu/packages/patches/mupdf-CVE-2016-7564.patch b/gnu/packages/patches/mupdf-CVE-2016-7564.patch
new file mode 100644
index 0000000000..c2ce33d1df
--- /dev/null
+++ b/gnu/packages/patches/mupdf-CVE-2016-7564.patch
@@ -0,0 +1,34 @@
+Fix CVE-2016-7564:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7564
+http://bugs.ghostscript.com/show_bug.cgi?id=697137
+
+Patch copied from upstream source repository:
+http://git.ghostscript.com/?p=mujs.git;a=commitdiff;h=a3a4fe840b80706c706e86160352af5936f292d8
+
+From a3a4fe840b80706c706e86160352af5936f292d8 Mon Sep 17 00:00:00 2001
+From: Tor Andersson <tor.andersson@artifex.com>
+Date: Tue, 20 Sep 2016 17:19:06 +0200
+Subject: [PATCH] Fix bug 697137: off by one in string length calculation.
+
+We were not allocating space for the terminating zero byte.
+---
+ jsfunction.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/jsfunction.c b/jsfunction.c
+index 8b5b18e..28f7aa7 100644
+--- a/thirdparty/mujs/jsfunction.c
++++ b/thirdparty/mujs/jsfunction.c
+@@ -61,7 +61,7 @@ static void Fp_toString(js_State *J)
+ n += strlen(F->name);
+ for (i = 0; i < F->numparams; ++i)
+ n += strlen(F->vartab[i]) + 1;
+- s = js_malloc(J, n);
++ s = js_malloc(J, n + 1);
+ strcpy(s, "function ");
+ strcat(s, F->name);
+ strcat(s, "(");
+--
+2.10.2
+
generated by cgit v1.2.3 (git 2.47.1) at 2025-01-27 20:45:34 +0000