From: msweet Date: Wed, 25 Mar 2015 13:49:23 +0000 (+0000) Subject: Fix buffer overflow in rastertopwg (STR #4598) X-Git-Tag: v2.2b1~328 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=94d5dc48147b6071a22aca97f664bb9de2daa8b6;p=thirdparty%2Fcups.git Fix buffer overflow in rastertopwg (STR #4598) git-svn-id: svn+ssh://src.apple.com/svn/cups/cups.org/trunk@12568 a1ca3aef-8c08-0410-bb20-df032aa958be --- diff --git a/CHANGES-2.0.txt b/CHANGES-2.0.txt index 1bf59a935c..de1a5a7e43 100644 --- a/CHANGES-2.0.txt +++ b/CHANGES-2.0.txt @@ -5,6 +5,7 @@ CHANGES IN CUPS V2.0.3 - Restored missing generic printer icon file (STR #4587) - Fixed logging of configuration errors to show up as errors (STR #4582) + - Fixed buffer overflow in rastertopwg (STR #4598) - Added Russian translation (STR #4577) diff --git a/filter/Makefile b/filter/Makefile index 08451e9c44..ab22a5ddd0 100644 --- a/filter/Makefile +++ b/filter/Makefile @@ -367,6 +367,12 @@ rastertopwg: rastertopwg.o ../cups/$(LIBCUPS) $(LIBCUPSIMAGE) echo Linking $@... $(CC) $(LDFLAGS) -o $@ rastertopwg.o $(LINKCUPSIMAGE) $(IMGLIBS) $(LIBS) +rastertopwg-static: rastertopwg.o ../cups/$(LIBCUPSSTATIC) libcupsimage.a + echo Linking $@... + $(CC) $(LDFLAGS) -o $@ rastertopwg.o libcupsimage.a \ + ../cups/$(LIBCUPSSTATIC) $(IMGLIBS) $(DSOLIBS) $(COMMONLIBS) \ + $(SSLLIBS) $(DNSSDLIBS) $(LIBGSSAPI) + # # testraster diff --git a/filter/rastertopwg.c b/filter/rastertopwg.c index 0116fb1734..12f77d66ff 100644 --- a/filter/rastertopwg.c +++ b/filter/rastertopwg.c @@ -3,7 +3,7 @@ * * CUPS raster to PWG raster format filter for CUPS. * - * Copyright 2011, 2014 Apple Inc. + * Copyright 2011, 2014-2015 Apple Inc. * * These coded instructions, statements, and computer programs are the * property of Apple Inc. and are protected by Federal copyright law. @@ -401,6 +401,9 @@ main(int argc, /* I - Number of command-line args */ * Copy raster data... */ + if (linesize < inheader.cupsBytesPerLine) + linesize = inheader.cupsBytesPerLine; + line = malloc(linesize); memset(line, white, linesize);