- outdated

[packages/X11.git] / x11r6.9.0-cidfonts.diff

diff --git a/x11r6.9.0-cidfonts.diff b/x11r6.9.0-cidfonts.diff
deleted file mode 100644 (file)
index 035328e..0000000
--- a/x11r6.9.0-cidfonts.diff
+++ /dev/null
@@ -1,96 +0,0 @@
-Index: lib/font/Type1/afm.c
-===================================================================
-RCS file: /cvs/xorg/xc/lib/font/Type1/afm.c,v
-retrieving revision 1.5
-diff -u -u -r1.5 afm.c
---- lib/font/Type1/afm.c       9 Jul 2005 23:30:06 -0000       1.5
-+++ lib/font/Type1/afm.c       12 Sep 2006 07:49:46 -0000
-@@ -29,6 +29,7 @@
- #include <stdio.h>
- #include <string.h>
- #include <stdlib.h>
-+#include <limits.h>
- #else
- #include "Xmd.h"        /* For INT32 declaration */
- #include "Xdefs.h"      /* For Bool */
-@@ -118,6 +119,11 @@
-             
-             fi->nChars = atoi(p);
- 
-+          if (fi->nChars < 0 || fi->nChars > INT_MAX / sizeof(Metrics)) {
-+              xfree(afmbuf);
-+              xfree(fi);
-+              return(1);
-+          }
-             fi->metrics = (Metrics *)xalloc(fi->nChars * 
-                 sizeof(Metrics));
-             if (fi->metrics == NULL) {
-Index: lib/font/Type1/scanfont.c
-===================================================================
-RCS file: /cvs/xorg/xc/lib/font/Type1/scanfont.c,v
-retrieving revision 1.5
-diff -u -u -r1.5 scanfont.c
---- lib/font/Type1/scanfont.c  9 Jul 2005 23:30:06 -0000       1.5
-+++ lib/font/Type1/scanfont.c  12 Sep 2006 07:49:46 -0000
-@@ -57,6 +57,7 @@
- 
- #ifndef FONTMODULE
- #include <string.h>
-+#include <limits.h>
- #else
- #include "Xdefs.h"    /* Bool declaration */
- #include "Xmd.h"      /* INT32 declaration */
-@@ -654,6 +655,7 @@
-   arrayP->data.valueP = tokenStartP;
- 
-   /* allocate FDArray */
-+  /* No integer overflow since arrayP->len is unsigned short */
-   FDArrayP = (psfont *)vm_alloc(arrayP->len*(sizeof(psfont)));
-   if (!(FDArrayP)) return(SCAN_OUT_OF_MEMORY);
- 
-@@ -850,7 +852,8 @@
-      }
-      return(SCAN_OK);
-    }
-- 
-+   if (N > INT_MAX / sizeof(psobj)) 
-+       return (SCAN_ERROR);
-    arrayP = (psobj *)vm_alloc(N*sizeof(psobj));
-    if (!(arrayP) ) return(SCAN_OUT_OF_MEMORY);
-    FontP->Subrs.len = N;
-@@ -911,7 +914,7 @@
-      }
-      else return(rc);  /* if next token was not an Int */
-    }
--   if (N<=0) return(SCAN_ERROR);
-+   if (N<=0 || N > INT_MAX / sizeof(psdict)) return(SCAN_ERROR);
-    /* save number of entries in the dictionary */
-  
-    dictP = (psdict *)vm_alloc((N+1)*sizeof(psdict));
-@@ -1719,6 +1722,10 @@
-     if (tokenType == TOKEN_INTEGER)
-       rangecnt = tokenValue.integer;
- 
-+    if (rangecnt < 0 || rangecnt > INT_MAX / sizeof(spacerangecode)) {
-+      rc = SCAN_ERROR;
-+      break;
-+    }
-     /* ==> tokenLength, tokenTooLong, tokenType, and */
-     /* tokenValue are now set                        */
- 
-Index: lib/font/Type1/util.c
-===================================================================
-RCS file: /cvs/xorg/xc/lib/font/Type1/util.c,v
-retrieving revision 1.5
-diff -u -u -r1.5 util.c
---- lib/font/Type1/util.c      9 Jul 2005 23:30:07 -0000       1.5
-+++ lib/font/Type1/util.c      12 Sep 2006 07:49:46 -0000
-@@ -104,7 +104,7 @@
-   bytes = (bytes + 7) & ~7;
-  
-   /* Allocate the space, if it is available */
--  if (bytes <= vm_free) {
-+  if (bytes > 0 && bytes <= vm_free) {
-     answer = vm_next;
-     vm_free -= bytes;
-     vm_next += bytes;