author: Dejan Lesjak <lesi@FreeBSD.org> 2006-08-26 04:09:21 +0000
committer: Dejan Lesjak <lesi@FreeBSD.org> 2006-08-26 04:09:21 +0000
commit: b2688d4e3dfdd50896228d96f3a1e0afe3a15aac (patch)
tree: 4f62b129c9100217ccb5afba6d01d1cfc8d354be /x11-servers
parent: a3a3bf49af91fc8ed82675d7179adc3bc53fe97d (diff)
download: ports-b2688d4e3dfdd50896228d96f3a1e0afe3a15aac.tar.gz
ports-b2688d4e3dfdd50896228d96f3a1e0afe3a15aac.zip
5 files changed, 100 insertions, 1 deletions
diff --git a/x11-servers/XFree86-4-NestServer/Makefile b/x11-servers/XFree86-4-NestServer/Makefile
index 6cc6b50d13cd..8782a9c7e091 100644
--- a/x11-servers/XFree86-4-NestServer/Makefile
+++ b/x11-servers/XFree86-4-NestServer/Makefile
@@ -7,6 +7,7 @@
 
 PORTNAME=	NestServer
 PORTVERSION=	4.5.0
+PORTREVISION=	1
 CATEGORIES=	x11-servers
 MASTER_SITES=	${MASTER_SITE_XFREE}
 MASTER_SITE_SUBDIR=	${PORTVERSION}
@@ -20,6 +21,7 @@ COMMENT=	XFree86-4 nested X server
 
 CONFLICTS=	xorg-nestserver-[0-9]*
 
+EXTRA_PATCHES=	${.CURDIR}/../../x11-servers/XFree86-4-Server/files/patch-lib_font_bitmap_pcfread.c
 MAN1=			Xnest.1
 PLIST_FILES=		bin/Xnest
 
diff --git a/x11-servers/XFree86-4-PrintServer/Makefile b/x11-servers/XFree86-4-PrintServer/Makefile
index 298ff3c9d9d0..cdd1f4f68a6b 100644
--- a/x11-servers/XFree86-4-PrintServer/Makefile
+++ b/x11-servers/XFree86-4-PrintServer/Makefile
@@ -7,6 +7,7 @@
 
 PORTNAME=	PrintServer
 PORTVERSION=	4.5.0
+PORTREVISION=	1
 CATEGORIES=	x11-servers
 MASTER_SITES=	${MASTER_SITE_XFREE}
 MASTER_SITE_SUBDIR=	${PORTVERSION}
@@ -20,6 +21,7 @@ COMMENT=	XFree86-4 print server
 
 CONFLICTS=	xorg-printserver-*
 
+EXTRA_PATCHES=	${.CURDIR}/../../x11-servers/XFree86-4-Server/files/patch-lib_font_bitmap_pcfread.c
 PLIST_FILES=		bin/Xprt
 XBUILD_DIRS=		lib/font lib/lbxutil lib/Xdmcp lib/Xau programs/Xserver
 XINCLUDE_DIRS=		lib/xkbfile lib/xtrans
diff --git a/x11-servers/XFree86-4-Server/Makefile b/x11-servers/XFree86-4-Server/Makefile
index d58da750f463..dc2fc573b7f1 100644
--- a/x11-servers/XFree86-4-Server/Makefile
+++ b/x11-servers/XFree86-4-Server/Makefile
@@ -7,7 +7,7 @@
 
 PORTNAME=	Server
 PORTVERSION=	4.5.0
-PORTREVISION=	3
+PORTREVISION=	4
 CATEGORIES=	x11-servers
 MASTER_SITES=	${MASTER_SITE_XFREE}
 MASTER_SITE_SUBDIR=	${PORTVERSION}
diff --git a/x11-servers/XFree86-4-Server/files/patch-lib_font_bitmap_pcfread.c b/x11-servers/XFree86-4-Server/files/patch-lib_font_bitmap_pcfread.c
new file mode 100644
index 000000000000..0983fdd5d677
--- /dev/null
+++ b/x11-servers/XFree86-4-Server/files/patch-lib_font_bitmap_pcfread.c
@@ -0,0 +1,93 @@
+--- lib/font/bitmap/pcfread.c.orig	Tue Nov 18 02:17:04 2003
++++ lib/font/bitmap/pcfread.c	Sat Aug 26 00:13:05 2006
+@@ -129,6 +129,10 @@
+ 	return (PCFTablePtr) NULL;
+     count = pcfGetLSB32(file);
+     if (IS_EOF(file)) return (PCFTablePtr) NULL;
++    if ((count < 0) || (count > (0x7fffffff / sizeof(PCFTableRec)))) {
++	pcfError("pcfReadTOC(): invalid file format\n");
++	return NULL;
++    }
+     tables = (PCFTablePtr) xalloc(count * sizeof(PCFTableRec));
+     if (!tables) {
+       pcfError("pcfReadTOC(): Couldn't allocate tables (%d*%d)\n", count, sizeof(PCFTableRec));
+@@ -248,6 +252,10 @@
+     if (!PCF_FORMAT_MATCH(format, PCF_DEFAULT_FORMAT))
+ 	goto Bail;
+     nprops = pcfGetINT32(file, format);
++    if ((nprops <= 0) || (nprops > (0x7fffffff / sizeof(FontPropRec)))) {
++	pcfError("pcfGetProperties(): invalid nprops value (%d)\n", nprops);
++	goto Bail;
++    }
+     if (IS_EOF(file)) goto Bail;
+     props = (FontPropPtr) xalloc(nprops * sizeof(FontPropRec));
+     if (!props) {
+@@ -263,6 +271,13 @@
+ 	props[i].name = pcfGetINT32(file, format);
+ 	isStringProp[i] = pcfGetINT8(file, format);
+ 	props[i].value = pcfGetINT32(file, format);
++	if (props[i].name < 0 
++	    || (isStringProp[i] != 0 && isStringProp[i] != 1)
++	    || (isStringProp[i] && props[i].value < 0)) {
++	    pcfError("pcfGetProperties(): invalid file format %d %d %d\n",
++		     props[i].name, isStringProp[i], props[i].value);
++	    goto Bail;
++	}
+ 	if (IS_EOF(file)) goto Bail;
+     }
+     /* pad the property array */
+@@ -278,6 +293,7 @@
+     }
+     if (IS_EOF(file)) goto Bail;
+     string_size = pcfGetINT32(file, format);
++    if (string_size < 0) goto Bail;
+     if (IS_EOF(file)) goto Bail;
+     strings = (char *) xalloc(string_size);
+     if (!strings) {
+@@ -418,6 +434,10 @@
+     else
+ 	nmetrics = pcfGetINT16(file, format);
+     if (IS_EOF(file)) goto Bail;
++    if ((nmetrics < 0) || (nmetrics > (0x7fffffff / sizeof(CharInfoRec)))) {
++	pcfError("pcfReadFont(): invalid file format\n");
++	goto Bail;
++    }
+     metrics = (CharInfoPtr) xalloc(nmetrics * sizeof(CharInfoRec));
+     if (!metrics) {
+       pcfError("pcfReadFont(): Couldn't allocate metrics (%d*%d)\n", nmetrics, sizeof(CharInfoRec));
+@@ -443,7 +463,7 @@
+     nbitmaps = pcfGetINT32(file, format);
+     if (nbitmaps != nmetrics || IS_EOF(file))
+ 	goto Bail;
+-
++    /* nmetrics is already ok, so nbitmap also is */
+     offsets = (CARD32 *) xalloc(nbitmaps * sizeof(CARD32));
+     if (!offsets) {
+       pcfError("pcfReadFont(): Couldn't allocate offsets (%d*%d)\n", nbitmaps, sizeof(CARD32));
+@@ -457,6 +477,7 @@
+     for (i = 0; i < GLYPHPADOPTIONS; i++) {
+ 	bitmapSizes[i] = pcfGetINT32(file, format);
+ 	if (IS_EOF(file)) goto Bail;
++	if (bitmapSizes[i] < 0) goto Bail;
+     }
+     
+     sizebitmaps = bitmapSizes[PCF_GLYPH_PAD_INDEX(format)];
+@@ -532,6 +553,7 @@
+ 	if (IS_EOF(file)) goto Bail;
+ 	if (nink_metrics != nmetrics)
+ 	    goto Bail;
++	/* nmetrics already checked */
+ 	ink_metrics = (xCharInfo *) xalloc(nink_metrics * sizeof(xCharInfo));
+       if (!ink_metrics) {
+           pcfError("pcfReadFont(): Couldn't allocate ink_metrics (%d*%d)\n", nink_metrics, sizeof(xCharInfo));       
+@@ -805,6 +827,10 @@
+     else
+ 	nmetrics = pcfGetINT16(file, format);
+     if (IS_EOF(file)) goto Bail;
++    if ((nmetrics < 0) || (nmetrics > (0x7fffffff / sizeof(CharInfoRec)))) {
++	pcfError("pmfReadFont(): invalid file format\n");
++	goto Bail;
++    }
+     metrics = (CharInfoPtr) xalloc(nmetrics * sizeof(CharInfoRec));
+     if (!metrics) {
+       pcfError("pmfReadFont(): Couldn't allocate metrics (%d*%d)\n", nmetrics, sizeof(CharInfoRec));
diff --git a/x11-servers/XFree86-4-VirtualFramebufferServer/Makefile b/x11-servers/XFree86-4-VirtualFramebufferServer/Makefile
index 7f112199e3fe..8fd6a015f035 100644
--- a/x11-servers/XFree86-4-VirtualFramebufferServer/Makefile
+++ b/x11-servers/XFree86-4-VirtualFramebufferServer/Makefile
@@ -7,6 +7,7 @@
 
 PORTNAME=	VirtualFramebufferServer
 PORTVERSION=	4.5.0
+PORTREVISION=	1
 CATEGORIES=	x11-servers
 MASTER_SITES=	${MASTER_SITE_XFREE}
 MASTER_SITE_SUBDIR=	${PORTVERSION}
@@ -20,6 +21,7 @@ COMMENT=	XFree86-4 virtual framebuffer server
 
 CONFLICTS=	xorg-vfbserver-[0-9]*
 
+EXTRA_PATCHES=	${.CURDIR}/../../x11-servers/XFree86-4-Server/files/patch-lib_font_bitmap_pcfread.c
 MAN1=			Xvfb.1
 PLIST_FILES=		bin/Xvfb
author	Dejan Lesjak <lesi@FreeBSD.org>	2006-08-26 04:09:21 +0000
committer	Dejan Lesjak <lesi@FreeBSD.org>	2006-08-26 04:09:21 +0000
commit	b2688d4e3dfdd50896228d96f3a1e0afe3a15aac (patch)
tree	4f62b129c9100217ccb5afba6d01d1cfc8d354be /x11-servers
parent	a3a3bf49af91fc8ed82675d7179adc3bc53fe97d (diff)
download	ports-b2688d4e3dfdd50896228d96f3a1e0afe3a15aac.tar.gz ports-b2688d4e3dfdd50896228d96f3a1e0afe3a15aac.zip