From fc83782cc66577cdf2f67391a4cd1c872683cd73 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Jan=20R=C4=99korajski?= Date: Fri, 21 Apr 2006 23:40:31 +0000 Subject: [PATCH] - orphaned, outdated Changed files: cups-idefense-v2.patch -> 1.2 cups-pdftops.patch -> 1.2 cups-pstoraster-gcc-2.96.patch -> 1.2 cups-tmprace.patch -> 1.2 --- cups-idefense-v2.patch | 565 --------------------------------- cups-pdftops.patch | 121 ------- cups-pstoraster-gcc-2.96.patch | 21 -- cups-tmprace.patch | 23 -- 4 files changed, 730 deletions(-) delete mode 100644 cups-idefense-v2.patch delete mode 100644 cups-pdftops.patch delete mode 100644 cups-pstoraster-gcc-2.96.patch delete mode 100644 cups-tmprace.patch diff --git a/cups-idefense-v2.patch b/cups-idefense-v2.patch deleted file mode 100644 index d54de94..0000000 --- a/cups-idefense-v2.patch +++ /dev/null @@ -1,565 +0,0 @@ -Index: cgi-bin/var.c -=================================================================== -RCS file: /development/cvs/cups/cgi-bin/var.c,v -retrieving revision 1.21 -retrieving revision 1.22 -diff -u -r1.21 -r1.22 ---- cgi-bin/var.c 2002/01/02 17:58:37 1.21 -+++ cgi-bin/var.c 2002/12/12 20:56:29 1.22 -@@ -242,7 +242,7 @@ - var_t *var; /* Returned variable */ - - -- if (name == NULL || value == NULL || element < 0) -+ if (name == NULL || value == NULL || element < 0 || element > 100000) - return; - - if ((var = cgi_find_variable(name)) == NULL) -@@ -286,7 +286,7 @@ - var_t *var; /* Returned variable */ - - -- if (name == NULL || size < 0) -+ if (name == NULL || size < 0 || size > 100000) - return; - - if ((var = cgi_find_variable(name)) == NULL) -@@ -361,7 +361,7 @@ - var_t *var; /* New variable */ - - -- if (name == NULL || value == NULL) -+ if (name == NULL || value == NULL || element < 0 || element > 100000) - return; - - #ifdef DEBUG -Index: conf/cupsd.conf.in -=================================================================== -RCS file: /development/cvs/cups/conf/cupsd.conf.in,v -retrieving revision 1.7 -retrieving revision 1.8 -diff -u -r1.7 -r1.8 ---- conf/cupsd.conf.in.orig 2001-09-14 18:52:05.000000000 +0200 -+++ conf/cupsd.conf.in 2002-12-17 13:36:34.000000000 +0100 -@@ -358,6 +358,15 @@ - #MaxClients 100 - - # -+# MaxClientsPerHost: controls the maximum number of simultaneous clients that -+# will be handled from a specific host. Defaults to 10 or 1/10th of the -+# MaxClients setting, whichever is larger. A value of 0 specifies the -+# automatic (10 or 1/10th) setting. -+# -+ -+#MaxClientsPerHost 0 -+ -+# - # MaxRequestSize: controls the maximum size of HTTP requests and print files. - # Set to 0 to disable this feature (defaults to 0.) - # -Index: cups/http.c -=================================================================== -RCS file: /development/cvs/cups/cups/http.c,v -retrieving revision 1.105 -retrieving revision 1.107 -diff -u -r1.105 -r1.107 ---- cups/http.c 2002/10/30 20:04:56 1.105 -+++ cups/http.c 2002/12/12 21:44:42 1.107 -@@ -896,11 +896,16 @@ - } - - http->data_remaining = strtol(len, NULL, 16); -+ if (http->data_remaining < 0) -+ { -+ DEBUG_puts("httpRead: Negative chunk length!"); -+ return (0); -+ } - } - - DEBUG_printf(("httpRead: data_remaining = %d\n", http->data_remaining)); - -- if (http->data_remaining == 0) -+ if (http->data_remaining <= 0) - { - /* - * A zero-length chunk ends a transfer; unless we are reading POST -Index: filter/image-bmp.c -=================================================================== -RCS file: /development/cvs/cups/filter/image-bmp.c,v -retrieving revision 1.8 -retrieving revision 1.9 -diff -u -r1.8 -r1.9 ---- filter/image-bmp.c 2002/04/19 16:17:26 1.8 -+++ filter/image-bmp.c 2002/12/13 15:52:20 1.9 -@@ -105,8 +105,15 @@ - read_word(fp); - offset = read_dword(fp); - -- fprintf(stderr, "offset = %d\n", offset); -+ fprintf(stderr, "DEBUG: offset = %d\n", offset); - -+ if (offset < 0) -+ { -+ fprintf(stderr, "ERROR: Bad BMP offset %d\n", offset); -+ fclose(fp); -+ return (1); -+ } -+ - /* - * Then the bitmap information... - */ -@@ -123,15 +130,34 @@ - colors_used = read_dword(fp); - colors_important = read_dword(fp); - -+ if (img->xsize == 0 || img->xsize > IMAGE_MAX_WIDTH || -+ img->ysize == 0 || img->ysize > IMAGE_MAX_HEIGHT || -+ (depth != 1 && depth != 4 && depth != 8 && depth != 24)) -+ { -+ fprintf(stderr, "ERROR: Bad BMP dimensions %ux%ux%d\n", -+ img->xsize, img->ysize, depth); -+ fclose(fp); -+ return (1); -+ } -+ -+ if (colors_used < 0 || colors_used > 256) -+ { -+ fprintf(stderr, "ERROR: Bad BMP colormap size %d\n", colors_used); -+ fclose(fp); -+ return (1); -+ } -+ -+ if (img->xppi == 0 || img->yppi == 0) -+ { -+ fprintf(stderr, "ERROR: Bad BMP resolution %dx%d PPI.\n", -+ img->xppi, img->yppi); -+ img->xppi = img->yppi = 128; -+ } -+ - /* - * Make sure the resolution info is valid... - */ - -- if (img->xppi == 0) -- img->xppi = 128; -- if (img->yppi == 0) -- img->yppi = 128; -- - fprintf(stderr, "info_size = %d, xsize = %d, ysize = %d, planes = %d, depth = %d\n", - info_size, img->xsize, img->ysize, planes, depth); - fprintf(stderr, "compression = %d, image_size = %d, xppi = %d, yppi = %d\n", -@@ -150,7 +176,8 @@ - if (colors_used == 0 && depth <= 8) - colors_used = 1 << depth; - -- fread(colormap, colors_used, 4, fp); -+ if (colors_used > 0) -+ fread(colormap, colors_used, 4, fp); - - /* - * Setup image and buffers... - - - -Index: filter/image-gif.c -=================================================================== -RCS file: /development/cvs/cups/filter/image-gif.c,v -retrieving revision 1.13 -retrieving revision 1.15 -diff -u -r1.13 -r1.15 ---- filter/image-gif.c 2002/11/27 04:43:53 1.13 -+++ filter/image-gif.c 2002/12/13 15:52:20 1.15 -@@ -233,6 +233,19 @@ - img->xsize = (buf[5] << 8) | buf[4]; - img->ysize = (buf[7] << 8) | buf[6]; - -+ /* -+ * Check the dimensions of the image; since the dimensions are -+ * a 16-bit integer we just need to check for 0... -+ */ -+ -+ if (img->xsize == 0 || img->ysize == 0) -+ { -+ fprintf(stderr, "ERROR: Bad GIF image dimensions: %dx%d\n", -+ img->xsize, img->ysize); -+ fclose(fp); -+ return (1); -+ } -+ - i = gif_read_image(fp, img, cmap, buf[8] & GIF_INTERLACE); - fclose(fp); - return (i); -Index: filter/image-jpeg.c -=================================================================== -RCS file: /development/cvs/cups/filter/image-jpeg.c,v -retrieving revision 1.15 -retrieving revision 1.16 -diff -u -r1.15 -r1.16 ---- filter/image-jpeg.c 2002/04/19 16:17:26 1.15 -+++ filter/image-jpeg.c 2002/12/13 15:52:20 1.16 -@@ -126,6 +126,18 @@ - - jpeg_calc_output_dimensions(&cinfo); - -+ if (cinfo.output_width <= 0 || cinfo.output_width > IMAGE_MAX_WIDTH || -+ cinfo.output_height <= 0 || cinfo.output_height > IMAGE_MAX_HEIGHT) -+ { -+ fprintf(stderr, "ERROR: Bad JPEG dimensions %dx%d!\n", -+ cinfo.output_width, cinfo.output_height); -+ -+ jpeg_destroy_decompress(&cinfo); -+ -+ fclose(fp); -+ return (1); -+ } -+ - img->xsize = cinfo.output_width; - img->ysize = cinfo.output_height; - -@@ -141,6 +153,13 @@ - img->xppi = (int)((float)cinfo.X_density * 2.54); - img->yppi = (int)((float)cinfo.Y_density * 2.54); - } -+ -+ if (img->xppi == 0 || img->yppi == 0) -+ { -+ fprintf(stderr, "ERROR: Bad JPEG image resolution %dx%d PPI.\n", -+ img->xppi, img->yppi); -+ img->xppi = img->yppi = 128; -+ } - } - - fprintf(stderr, "DEBUG: JPEG image %dx%dx%d, %dx%d PPI\n", -Index: filter/image-pix.c -=================================================================== -RCS file: /development/cvs/cups/filter/image-pix.c,v -retrieving revision 1.6 -retrieving revision 1.7 -diff -u -r1.6 -r1.7 ---- filter/image-pix.c 2002/04/19 16:17:27 1.6 -+++ filter/image-pix.c 2002/12/13 15:52:20 1.7 -@@ -78,6 +78,21 @@ - read_short(fp); - depth = read_short(fp); - -+ /* -+ * Check the dimensions of the image. Since the short values used for the -+ * width and height cannot exceed IMAGE_MAX_WIDTH or IMAGE_MAX_HEIGHT, we -+ * just need to verify they are positive integers. -+ */ -+ -+ if (width <= 0 || height <= 0 || -+ (depth != 8 && depth != 24)) -+ { -+ fprintf(stderr, "ERROR: Bad PIX image dimensions %dx%dx%d\n", -+ width, height, depth); -+ fclose(fp); -+ return (1); -+ } -+ - if (depth == 8) - img->colorspace = secondary; - else -Index: filter/image-png.c -=================================================================== -RCS file: /development/cvs/cups/filter/image-png.c,v -retrieving revision 1.14 -retrieving revision 1.15 -diff -u -r1.14 -r1.15 ---- filter/image-png.c 2002/04/19 16:17:27 1.14 -+++ filter/image-png.c 2002/12/13 15:52:20 1.15 -@@ -90,6 +90,15 @@ - else - img->colorspace = (primary == IMAGE_RGB_CMYK) ? IMAGE_RGB : primary; - -+ if (info->width == 0 || info->width > IMAGE_MAX_WIDTH || -+ info->height == 0 || info->height > IMAGE_MAX_HEIGHT) -+ { -+ fprintf(stderr, "ERROR: PNG image has invalid dimensions %ux%u!\n", -+ (unsigned)info->width, (unsigned)info->height); -+ fclose(fp); -+ return (1); -+ } -+ - img->xsize = info->width; - img->ysize = info->height; - -@@ -98,6 +107,14 @@ - { - img->xppi = (int)((float)info->x_pixels_per_unit * 0.0254); - img->yppi = (int)((float)info->y_pixels_per_unit * 0.0254); -+ -+ if (img->xppi == 0 || img->yppi == 0) -+ { -+ fprintf(stderr, "ERROR: PNG image has invalid resolution %dx%d PPI\n", -+ img->xppi, img->yppi); -+ -+ img->xppi = img->yppi = 128; -+ } - } - - ImageSetMaxTiles(img, 0); -Index: filter/image-pnm.c -=================================================================== -RCS file: /development/cvs/cups/filter/image-pnm.c,v -retrieving revision 1.10 -retrieving revision 1.11 -diff -u -r1.10 -r1.11 ---- filter/image-pnm.c 2002/04/19 16:17:27 1.10 -+++ filter/image-pnm.c 2002/12/13 15:52:20 1.11 -@@ -132,6 +132,22 @@ - else - maxval = 1; - -+ if (img->xsize == 0 || img->xsize > IMAGE_MAX_WIDTH || -+ img->ysize == 0 || img->ysize > IMAGE_MAX_HEIGHT) -+ { -+ fprintf(stderr, "ERROR: Bad PNM dimensions %dx%d!\n", -+ img->xsize, img->ysize); -+ fclose(fp); -+ return (1); -+ } -+ -+ if (maxval == 0) -+ { -+ fprintf(stderr, "ERROR: Bad PNM max value %d!\n", maxval); -+ fclose(fp); -+ return (1); -+ } -+ - if (format == 1 || format == 2 || format == 4 || format == 5) - img->colorspace = secondary; - else -Index: filter/image-sgi.c -=================================================================== -RCS file: /development/cvs/cups/filter/image-sgi.c,v -retrieving revision 1.11 -retrieving revision 1.12 -diff -u -r1.11 -r1.12 ---- filter/image-sgi.c 2002/04/19 16:17:27 1.11 -+++ filter/image-sgi.c 2002/12/13 15:52:20 1.12 -@@ -73,6 +73,22 @@ - * Get the image dimensions and load the output image... - */ - -+ /* -+ * Check the image dimensions; since xsize and ysize are unsigned shorts, -+ * just check if they are 0 since they can't exceed IMAGE_MAX_WIDTH or -+ * IMAGE_MAX_HEIGHT... -+ */ -+ -+ if (sgip->xsize == 0 || sgip->ysize == 0 || -+ sgip->zsize == 0 || sgip->zsize > 4) -+ { -+ fprintf(stderr, "ERROR: Bad SGI image dimensions %ux%ux%u!\n", -+ sgip->xsize, sgip->ysize, sgip->zsize); -+ sgiClose(sgip); -+ fclose(fp); -+ return (1); -+ } -+ - if (sgip->zsize < 3) - img->colorspace = secondary; - else -Index: filter/image-sun.c -=================================================================== -RCS file: /development/cvs/cups/filter/image-sun.c,v -retrieving revision 1.12 -retrieving revision 1.14 -diff -u -r1.12 -r1.14 ---- filter/image-sun.c 2002/10/22 18:43:45 1.12 -+++ filter/image-sun.c 2002/12/13 15:52:20 1.14 -@@ -121,6 +121,15 @@ - fprintf(stderr, "DEBUG: ras_width=%d, ras_height=%d, ras_depth=%d, ras_type=%d, ras_maplength=%d\n", - img->xsize, img->ysize, ras_depth, ras_type, ras_maplength); - -+ if (ras_maplength > 768 || -+ img->xsize == 0 || img->xsize > IMAGE_MAX_WIDTH || -+ img->ysize == 0 || img->ysize > IMAGE_MAX_HEIGHT || -+ ras_depth == 0 || ras_depth > 32) -+ { -+ fputs("ERROR: Raster image cannot be loaded!\n", stderr); -+ return (1); -+ } -+ - if (ras_maplength > 0) - { - memset(cmap[0], 255, sizeof(cmap[0])); -Index: filter/image-tiff.c -=================================================================== -RCS file: /development/cvs/cups/filter/image-tiff.c,v -retrieving revision 1.23 -retrieving revision 1.24 -diff -u -r1.23 -r1.24 ---- filter/image-tiff.c 2002/04/19 16:17:27 1.23 -+++ filter/image-tiff.c 2002/12/13 15:52:21 1.24 -@@ -173,6 +173,12 @@ - img->yppi = 128; - } - -+ if (img->xppi == 0 || img->yppi == 0) -+ { -+ fputs("ERROR: Bad TIFF resolution.\n", stderr); -+ img->xppi = img->yppi = 128; -+ } -+ - fprintf(stderr, "DEBUG: TIFF resolution = %fx%f, units=%d\n", - xres, yres, resunit); - fprintf(stderr, "DEBUG: Stored resolution = %dx%d PPI\n", -@@ -189,6 +195,23 @@ - alpha = 0; - - /* -+ * Check the size of the image... -+ */ -+ -+ if (width == 0 || width > IMAGE_MAX_WIDTH || -+ height == 0 || height > IMAGE_MAX_HEIGHT || -+ (bits != 1 && bits != 2 && bits != 4 && bits != 8) || -+ samples < 1 || samples > 4) -+ { -+ fprintf(stderr, "ERROR: Bad TIFF dimensions %ux%ux%ux%u!\n", -+ (unsigned)width, (unsigned)height, (unsigned)bits, -+ (unsigned)samples); -+ TIFFClose(tif); -+ fclose(fp); -+ return (1); -+ } -+ -+ /* - * Setup the image size and colorspace... - */ - -Index: filter/image-zoom.c -=================================================================== -RCS file: /development/cvs/cups/filter/image-zoom.c,v -retrieving revision 1.10 -retrieving revision 1.11 -diff -u -r1.10 -r1.11 ---- filter/image-zoom.c 2002/08/27 16:19:38 1.10 -+++ filter/image-zoom.c 2002/12/13 15:52:21 1.11 -@@ -58,6 +58,12 @@ - int flip; /* Flip on X axis? */ - - -+ if (xsize > IMAGE_MAX_WIDTH || -+ ysize > IMAGE_MAX_HEIGHT || -+ (x1 - x0) > IMAGE_MAX_WIDTH || -+ (y1 - y0) > IMAGE_MAX_HEIGHT) -+ return (NULL); /* Protect against integer overflow */ -+ - if ((z = (izoom_t *)calloc(1, sizeof(izoom_t))) == NULL) - return (NULL); - -Index: filter/image.h -=================================================================== -RCS file: /development/cvs/cups/filter/image.h,v -retrieving revision 1.15 -retrieving revision 1.16 -diff -u -r1.15 -r1.16 ---- filter/image.h 2002/04/29 15:56:58 1.15 -+++ filter/image.h 2002/12/13 15:52:21 1.16 -@@ -40,6 +40,13 @@ - - - /* -+ * Maximum image dimensions that we can handle... -+ */ -+ -+# define IMAGE_MAX_WIDTH 0x07ffffff /* 2^27-1 to allow for 15-channel data */ -+# define IMAGE_MAX_HEIGHT 0x7fffffff /* 2^31-1 */ -+ -+/* - * Colorspaces... - */ - -@@ -50,7 +57,6 @@ - # define IMAGE_RGB 3 /* Red, green, and blue */ - # define IMAGE_RGB_CMYK 4 /* Use RGB or CMYK */ - -- - /* - * Tile definitions... - */ -Index: scheduler/client.c -=================================================================== -RCS file: /development/cvs/cups/scheduler/client.c,v -retrieving revision 1.128 -retrieving revision 1.130 -diff -u -r1.128 -r1.130 ---- scheduler/client.c 2002/11/21 14:58:18 1.128 -+++ scheduler/client.c 2002/12/13 16:24:05 1.130 -@@ -492,6 +520,12 @@ - LogMessage(L_DEBUG2, "ReadClient() %d, used=%d", con->http.fd, - con->http.used); - -+ if (con->http.error) -+ { -+ CloseClient(con); -+ return (0); -+ } -+ - switch (con->http.state) - { - case HTTP_WAITING : -@@ -944,6 +978,20 @@ - - break; - } -+ else if (atoi(con->http.fields[HTTP_FIELD_CONTENT_LENGTH]) < 0) -+ { -+ /* -+ * Negative content lengths are invalid! -+ */ -+ -+ if (!SendError(con, HTTP_BAD_REQUEST)) -+ { -+ CloseClient(con); -+ return (0); -+ } -+ -+ break; -+ } - - /* - * See what kind of POST request this is; for IPP requests the -Index: scheduler/dirsvc.c -=================================================================== -RCS file: /development/cvs/cups/scheduler/dirsvc.c,v -retrieving revision 1.100 -retrieving revision 1.101 -diff -u -r1.100 -r1.101 ---- scheduler/dirsvc.c 2002/09/26 15:19:31 1.100 -+++ scheduler/dirsvc.c 2002/12/12 20:56:32 1.101 -@@ -88,6 +88,31 @@ - httpSeparate(uri, method, username, host, &port, resource); - - /* -+ * Determine if the URI contains any illegal characters in it... -+ */ -+ -+ if (strncmp(uri, "ipp://", 6) != 0 || -+ !host[0] || -+ (strncmp(resource, "/printers/", 10) != 0 && -+ strncmp(resource, "/classes/", 9) != 0)) -+ { -+ LogMessage(L_ERROR, "ProcessBrowseData: Bad printer URI in browse data: %s", -+ uri); -+ return; -+ } -+ -+ if (strchr(resource, '?') != NULL || -+ (strncmp(resource, "/printers/", 10) == 0 && -+ strchr(resource + 10, '/') != NULL) || -+ (strncmp(resource, "/classes/", 9) == 0 && -+ strchr(resource + 9, '/') != NULL)) -+ { -+ LogMessage(L_ERROR, "ProcessBrowseData: Bad resource in browse data: %s", -+ resource); -+ return; -+ } -+ -+ /* - * OK, this isn't a local printer; see if we already have it listed in - * the Printers list, and add it if not... - */ diff --git a/cups-pdftops.patch b/cups-pdftops.patch deleted file mode 100644 index 0ca4a41..0000000 --- a/cups-pdftops.patch +++ /dev/null @@ -1,121 +0,0 @@ ---- pdftops/GfxState.cxx.pdftops 2002-12-17 11:41:20.000000000 +0000 -+++ pdftops/GfxState.cxx 2002-12-17 14:13:52.000000000 +0000 -@@ -12,6 +12,7 @@ - - #include - #include -+#include - #include - #include // for memcpy() - #include "gmem.h" -@@ -749,6 +750,7 @@ - int indexHighA) { - base = baseA; - indexHigh = indexHighA; -+ // Checked in GfxIndexedColorSpace::parse - lookup = (Guchar *)gmalloc((indexHigh + 1) * base->getNComps() * - sizeof(Guchar)); - } -@@ -792,9 +794,13 @@ - } - indexHighA = obj1.getInt(); - obj1.free(); -+ n = baseA->getNComps(); -+ if ((unsigned int)(indexHighA + 1) >= INT_MAX / (n * sizeof (Guchar))) { -+ error(-1, "Bad Indexed color space (too high)"); -+ goto err1; -+ } - cs = new GfxIndexedColorSpace(baseA, indexHighA); - arr->get(3, &obj1); -- n = baseA->getNComps(); - if (obj1.isStream()) { - obj1.streamReset(); - for (i = 0; i <= indexHighA; ++i) { -@@ -1674,6 +1680,8 @@ - colorSpace2 = indexedCS->getBase(); - indexHigh = indexedCS->getIndexHigh(); - nComps2 = colorSpace2->getNComps(); -+ if ((unsigned int)(indexHigh + 1) >= INT_MAX / (nComps2 * sizeof(double))) -+ goto err1; - lookup = (double *)gmalloc((indexHigh + 1) * nComps2 * sizeof(double)); - lookup2 = indexedCS->getLookup(); - for (i = 0; i <= indexHigh; ++i) { -@@ -1686,6 +1694,8 @@ - sepCS = (GfxSeparationColorSpace *)colorSpace; - colorSpace2 = sepCS->getAlt(); - nComps2 = colorSpace2->getNComps(); -+ if ((unsigned int)(maxPixel + 1) >= INT_MAX / (nComps2 * sizeof(double))) -+ goto err1; - lookup = (double *)gmalloc((maxPixel + 1) * nComps2 * sizeof(double)); - sepFunc = sepCS->getFunc(); - for (i = 0; i <= maxPixel; ++i) { -@@ -1696,6 +1706,8 @@ - } - } - } else { -+ if ((unsigned int)(maxPixel + 1) >= INT_MAX / (nComps * sizeof(double))) -+ goto err1; - lookup = (double *)gmalloc((maxPixel + 1) * nComps * sizeof(double)); - for (i = 0; i <= maxPixel; ++i) { - for (k = 0; k < nComps; ++k) { -@@ -1781,6 +1793,7 @@ - - GfxSubpath::GfxSubpath(double x1, double y1) { - size = 16; -+ // safe - x = (double *)gmalloc(size * sizeof(double)); - y = (double *)gmalloc(size * sizeof(double)); - curve = (GBool *)gmalloc(size * sizeof(GBool)); -@@ -1801,6 +1814,7 @@ - GfxSubpath::GfxSubpath(GfxSubpath *subpath) { - size = subpath->size; - n = subpath->n; -+ // safe (subpath->size is constrained) - x = (double *)gmalloc(size * sizeof(double)); - y = (double *)gmalloc(size * sizeof(double)); - curve = (GBool *)gmalloc(size * sizeof(GBool)); -@@ -1812,6 +1826,7 @@ - - void GfxSubpath::lineTo(double x1, double y1) { - if (n >= size) { -+ if ((unsigned int)(size + 16) >= INT_MAX / sizeof (double)) return; - size += 16; - x = (double *)grealloc(x, size * sizeof(double)); - y = (double *)grealloc(y, size * sizeof(double)); -@@ -1826,6 +1841,7 @@ - void GfxSubpath::curveTo(double x1, double y1, double x2, double y2, - double x3, double y3) { - if (n+3 > size) { -+ if ((unsigned int)(size + 16) >= INT_MAX / sizeof (double)) return; - size += 16; - x = (double *)grealloc(x, size * sizeof(double)); - y = (double *)grealloc(y, size * sizeof(double)); -@@ -1854,6 +1870,7 @@ - size = 16; - n = 0; - firstX = firstY = 0; -+ // safe - subpaths = (GfxSubpath **)gmalloc(size * sizeof(GfxSubpath *)); - } - -@@ -1875,6 +1892,7 @@ - firstY = firstY1; - size = size1; - n = n1; -+ // not sure - subpaths = (GfxSubpath **)gmalloc(size * sizeof(GfxSubpath *)); - for (i = 0; i < n; ++i) - subpaths[i] = subpaths1[i]->copy(); -@@ -2063,8 +2081,10 @@ - strokePattern = state->strokePattern->copy(); - } - if (lineDashLength > 0) { -- lineDash = (double *)gmalloc(lineDashLength * sizeof(double)); -- memcpy(lineDash, state->lineDash, lineDashLength * sizeof(double)); -+ if (lineDashLength < INT_MAX / sizeof (double)) { -+ lineDash = (double *)gmalloc(lineDashLength * sizeof(double)); -+ memcpy(lineDash, state->lineDash, lineDashLength * sizeof(double)); -+ } - } - saved = NULL; - } diff --git a/cups-pstoraster-gcc-2.96.patch b/cups-pstoraster-gcc-2.96.patch deleted file mode 100644 index 5d0926a..0000000 --- a/cups-pstoraster-gcc-2.96.patch +++ /dev/null @@ -1,21 +0,0 @@ ---- cups-1.1.10/pstoraster/genarch.c.orig Thu Mar 29 18:55:43 2001 -+++ cups-1.1.10/pstoraster/genarch.c Thu Mar 29 18:58:27 2001 -@@ -28,6 +28,7 @@ - - #include "stdpre.h" - #include -+#include - - /* We should write the result on stdout, but the original Turbo C 'make' */ - /* can't handle output redirection (sigh). */ ---- cups-1.1.10/pstoraster/zchar1.c.orig Thu Mar 29 18:51:23 2001 -+++ cups-1.1.10/pstoraster/zchar1.c Thu Mar 29 18:52:23 2001 -@@ -49,6 +49,8 @@ - #include "iname.h" - #include "store.h" - -+#include -+ - /* Test whether a font is Type 1 compatible. */ - inline private bool - font_is_type1_compatible(const gs_font *pfont) diff --git a/cups-tmprace.patch b/cups-tmprace.patch deleted file mode 100644 index cf987ac..0000000 --- a/cups-tmprace.patch +++ /dev/null @@ -1,23 +0,0 @@ ---- scheduler/cert.c.orig Mon Dec 16 05:14:17 2002 -+++ scheduler/cert.c Mon Dec 16 05:14:19 2002 -@@ -51,6 +51,7 @@ - int i; /* Looping var */ - cert_t *cert; /* Current certificate */ - FILE *fp; /* Certificate file */ -+ int fd; - char filename[1024]; /* Certificate filename */ - struct group *grp; /* System group */ - static const char *hex = "0123456789ABCDEF"; -@@ -80,8 +81,11 @@ - */ - - snprintf(filename, sizeof(filename), "%s/certs/%d", ServerRoot, pid); -+ unlink(filename); - -- if ((fp = fopen(filename, "w")) == NULL) -+ fd = open(filename, O_WRONLY|O_CREAT|O_EXCL, 0400); -+ -+ if (fd < 0 || ((fp = fdopen(fd, "w")) == NULL)) - { - free(cert); - return; -- 2.44.0