Add margin checks to rastertopwg (<rdar://problem/23132108>)

git-svn-id: svn+ssh://src.apple.com/svn/cups/cups.org/trunk@12909 a1ca3aef-8c08-0410-bb20-df032aa958be

diff --git a/CHANGES-2.1.txt b/CHANGES-2.1.txt
index 7c196cc836f56456e4fc4420568a3f1b26686e1e..43a67f8901000a4e015bac6683bce3b9c251348f 100644 (file)
--- a/CHANGES-2.1.txt
+++ b/CHANGES-2.1.txt
@@ -3,7 +3,8 @@ CHANGES-2.1.txt
 
 CHANGES IN CUPS V2.1.1
 
-       - Security hardening fixes (<rdar://problem/23131948>)
+       - Security hardening fixes (<rdar://problem/23131948>,
+         <rdar://problem/23132108>)
        - The cupsGetPPD* functions did not work with IPP printers (STR #4725)
        - Some older HP LaserJet printers need a delayed close when printing
          using the libusb-based USB backend (STR #4549)

diff --git a/filter/rastertopwg.c b/filter/rastertopwg.c
index 569460bc06eaa4bedb7e4d8aa12a9a6bfefd06cd..ff6b76b729bb5c6e88c096c4afbebddbe23db4a4 100644 (file)
--- a/filter/rastertopwg.c
+++ b/filter/rastertopwg.c
@@ -105,6 +105,13 @@ main(int  argc,                            /* I - Number of command-line args */
     linesize    = (page_width * inheader.cupsBitsPerPixel + 7) / 8;
     lineoffset  = page_left * inheader.cupsBitsPerPixel / 8; /* Round down */
 
+    if (page_left > page_width || page_top > page_height || page_bottom > page_height)
+    {
+      _cupsLangPrintFilter(stderr, "ERROR", _("Unsupported raster data."));
+      fprintf(stderr, "DEBUG: Bad bottom/left/top margin on page %d.\n", page);
+      return (1);
+    }
+
     switch (inheader.cupsColorSpace)
     {
       case CUPS_CSPACE_W :