diff options
Diffstat (limited to 'source/xap/xpdf/patches/xpdf-3.03-CVE-2012-2142.diff')
-rw-r--r-- | source/xap/xpdf/patches/xpdf-3.03-CVE-2012-2142.diff | 55 |
1 files changed, 0 insertions, 55 deletions
diff --git a/source/xap/xpdf/patches/xpdf-3.03-CVE-2012-2142.diff b/source/xap/xpdf/patches/xpdf-3.03-CVE-2012-2142.diff deleted file mode 100644 index 891c41fd..00000000 --- a/source/xap/xpdf/patches/xpdf-3.03-CVE-2012-2142.diff +++ /dev/null @@ -1,55 +0,0 @@ -From 3945969e0072217c143fefa3044512a31ac2afa8 Mon Sep 17 00:00:00 2001 -From: mancha <mancha1@hush.com> -Date: Sun, 11 Aug 2013 -Subject: CVE-2012-2142 - -Filter stuff that might end up in the shell to address CVE-2012-2142. -This code was adapted from the Poppler project. ---- - Error.cc | 21 ++++++++++++++++----- - 1 file changed, 16 insertions(+), 5 deletions(-) - ---- a/xpdf/Error.cc 2013-08-11 -+++ b/xpdf/Error.cc 2013-08-11 -@@ -43,7 +43,7 @@ void setErrorCallback(void (*cbk)(void * - - void CDECL error(ErrorCategory category, int pos, const char *msg, ...) { - va_list args; -- GString *s; -+ GString *s, *sanitized; - - // NB: this can be called before the globalParams object is created - if (!errorCbk && globalParams && globalParams->getErrQuiet()) { -@@ -52,17 +52,28 @@ void CDECL error(ErrorCategory category, - va_start(args, msg); - s = GString::formatv(msg, args); - va_end(args); -+ -+ sanitized = new GString (); -+ for (int i = 0; i < s->getLength(); ++i) { -+ const char c = s->getChar(i); -+ if (c < (char)0x20 || c >= (char)0x7f) { -+ sanitized->appendf("<{0:02x}>", c & 0xff); -+ } else { -+ sanitized->append(c); -+ } -+ } -+ - if (errorCbk) { -- (*errorCbk)(errorCbkData, category, pos, s->getCString()); -+ (*errorCbk)(errorCbkData, category, pos, sanitized->getCString()); - } else { - if (pos >= 0) { - fprintf(stderr, "%s (%d): %s\n", -- errorCategoryNames[category], pos, s->getCString()); -+ errorCategoryNames[category], pos, sanitized->getCString()); - } else { - fprintf(stderr, "%s: %s\n", -- errorCategoryNames[category], s->getCString()); -+ errorCategoryNames[category], sanitized->getCString()); - } - fflush(stderr); - } -- delete s; -+ delete sanitized; - } |