summary refs log tree commit diff
path: root/gnu/packages/patches/mupdf-CVE-2016-7506.patch
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches/mupdf-CVE-2016-7506.patch')
-rw-r--r--gnu/packages/patches/mupdf-CVE-2016-7506.patch42
1 files changed, 0 insertions, 42 deletions
diff --git a/gnu/packages/patches/mupdf-CVE-2016-7506.patch b/gnu/packages/patches/mupdf-CVE-2016-7506.patch
deleted file mode 100644
index 733249acaa..0000000000
--- a/gnu/packages/patches/mupdf-CVE-2016-7506.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-Fix CVE-2016-7506:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7506
-http://bugs.ghostscript.com/show_bug.cgi?id=697141
-
-Patch copied from upstream source repository:
-http://git.ghostscript.com/?p=mujs.git;a=commitdiff;h=5000749f5afe3b956fc916e407309de840997f4a
-
-From 5000749f5afe3b956fc916e407309de840997f4a Mon Sep 17 00:00:00 2001
-From: Tor Andersson <tor.andersson@artifex.com>
-Date: Wed, 21 Sep 2016 16:02:11 +0200
-Subject: [PATCH] Fix bug 697141: buffer overrun in regexp string substitution.
-
-A '$' escape at the end of the string would read past the zero terminator
-when looking for the escaped character.
----
- jsstring.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/jsstring.c b/jsstring.c
-index 66f6a89..0209a8e 100644
---- a/thirdparty/mujs/jsstring.c
-+++ b/thirdparty/mujs/jsstring.c
-@@ -421,6 +421,7 @@ loop:
- 		while (*r) {
- 			if (*r == '$') {
- 				switch (*(++r)) {
-+				case 0: --r; /* end of string; back up and fall through */
- 				case '$': js_putc(J, &sb, '$'); break;
- 				case '`': js_putm(J, &sb, source, s); break;
- 				case '\'': js_puts(J, &sb, s + n); break;
-@@ -516,6 +517,7 @@ static void Sp_replace_string(js_State *J)
- 		while (*r) {
- 			if (*r == '$') {
- 				switch (*(++r)) {
-+				case 0: --r; /* end of string; back up and fall through */
- 				case '$': js_putc(J, &sb, '$'); break;
- 				case '&': js_putm(J, &sb, s, s + n); break;
- 				case '`': js_putm(J, &sb, source, s); break;
--- 
-2.10.2
-