1
#! /bin/sh /usr/share/dpatch/dpatch-run
2
## 74_CVE-2009-0196.dpatch by Nico Golde <nion@debian.org>
4
## All lines beginning with `## DP:' are a description of the patch.
8
diff -urNad ghostscript-8.64~dfsg~/jbig2dec/jbig2_symbol_dict.c ghostscript-8.64~dfsg/jbig2dec/jbig2_symbol_dict.c
9
--- ghostscript-8.64~dfsg~/jbig2dec/jbig2_symbol_dict.c 2007-12-11 09:29:58.000000000 +0100
10
+++ ghostscript-8.64~dfsg/jbig2dec/jbig2_symbol_dict.c 2009-04-21 23:57:26.000000000 +0200
12
exrunlength = params->SDNUMEXSYMS;
14
code = jbig2_arith_int_decode(IAEX, as, &exrunlength);
15
+ if (exrunlength > params->SDNUMEXSYMS - j) {
16
+ jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number,
17
+ "runlength too large in export symbol table (%d > %d - %d)\n",
18
+ exrunlength, params->SDNUMEXSYMS, j);
19
+ jbig2_sd_release(ctx, SDEXSYMS);
20
+ /* skip to the cleanup code and return SDEXSYMS = NULL */
24
for(k = 0; k < exrunlength; k++)
26
SDEXSYMS->glyphs[j++] = (i < m) ?