Date: Sat, 01 Feb 2003 01:25:42 +0100
From: Thomas Moestl <tmm@FreeBSD.org>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: ports/47776: [PATCH] ports/print/gv broken by recent security update
Message-ID: <E18elTa-000CL6-00@galatea.local>
>Number: 47776
>Category: ports
>Synopsis: [PATCH] ports/print/gv broken by recent security update
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Jan 31 16:30:15 PST 2003
>Closed-Date:
>Last-Modified:
>Originator: Thomas Moestl
>Release: FreeBSD 5.0-CURRENT i386
>Organization: none
>Environment:
System: FreeBSD galatea.local 5.0-CURRENT FreeBSD 5.0-CURRENT #2: Fri Jan 31 00:38:24 CET 2003 tmm@galatea.local:/usr/src/sys/i386/compile/GALATEA i386
>Description:
The recent security update added a patch from Debian, which breaks gv for some previously working PostScript documents. The problem is the following change in the gv_3.5.8-26.1.diff.gz (from security.debian.org):

+#define IS_END(comment) \ + (iscomment(line+5,(comment))) [...] - else if IS_BEGIN("Document:") SKIP_UNTIL_1("EndDocument") + else if IS_BEGIN("Document:") { /* Skip the EPS without handling its content */ + while (line && !IS_END("Document")) { + line = ps_io_fgetchars(fd,-1); + if (line) *line_lenP += FD_LINE_LEN; + } + }

It seems to be intended to handle embedded EPS files with unclosed sections. However, it has two problems: first, it does not check that the line in question is really an "%%EndDocument" comment, only that it contains the string "Document", starting on the fifth character on the line, which happens to occur in unrelated places in the problematic documents. This desynchronizes the rest of the file reader, and it will interpret the trailer/EOF of the embedded document as end of the parent document. Secondly, it does not skip over the %%EndDocument line; this is non-fatal though.

The attached patch should fix it. In case it gets mangled, a copy is at 'http://people.freebsd.org/~tmm/patch-source::ps.c'.
>How-To-Repeat: An example of a broken document is http://www.sparc.com/standards/v9.ps.Z - only the first 3 pages will be displayed. >Fix: --- source/ps.c.orig Sat Feb 1 00:56:20 2003 +++ source/ps.c Sat Feb 1 01:17:43 2003 @@ -1770,8 +1770,6 @@ (DSCcomment(line) && iscomment(line+2,(comment))) #define IS_BEGIN(comment) \ (iscomment(line+7,(comment))) -#define IS_END(comment) \ - (iscomment(line+5,(comment))) #define SKIP_WHILE(cond) \ while (readline(fd, &line, NULL, &nbytes) && (cond)) *line_lenP += nbytes;\ skipped=1; @@ -1808,10 +1806,10 @@ #endif if (!IS_COMMENT("Begin")) {} /* Do nothing */ else if IS_BEGIN("Document:") { /* Skip the EPS without handling its content */ - while (line && !IS_END("Document")) { - line = ps_io_fgetchars(fd,-1); - if (line) *line_lenP += FD_LINE_LEN; - } + while ((line = ps_io_fgetchars(fd,-1)) && !IS_COMMENT("EndDocument")) + *line_lenP += FD_LINE_LEN; + nbytes = line ? FD_LINE_LEN : 0; + skipped = 1; } else if IS_BEGIN("Feature:") SKIP_UNTIL_1("EndFeature") #ifdef USE_ACROREAD_WORKAROUND >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports-bugs" in the body of the message
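Review bot: In the second hunk, the new loop ends at the first line matching IS_COMMENT("EndDocument") and keeps no nesting count, so an embedded document that itself contains a %%BeginDocument/%%EndDocument pair would end the skip at the inner %%EndDocument and leave the remainder of the outer embedded file to the parent parser. Consider counting lines that match IS_COMMENT("Begin") and IS_BEGIN("Document:") inside the loop and stopping only when the depth returns to zero. Separately, when the input ends before any %%EndDocument, line is NULL after the loop while skipped is still set to 1; a short comment stating that the code following this branch tolerates line == NULL with nbytes == 0 would make that path easier to audit.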
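The desynchronization described in the report, reproduced as an added example that is not part of the original message and is not gv's code. The helper names (has_prefix, loose_end, strict_end, skip_embedded) and the sample PostScript lines are constructed for illustration, and prefix comparison is assumed for the matching.

```c
#include <stdio.h>
#include <string.h>

/* Prefix comparison; the report describes the check as matching a string
   that starts at a fixed offset, so that is the semantics assumed here. */
static int has_prefix(const char *s, const char *p) {
    return strncmp(s, p, strlen(p)) == 0;
}

/* Loose test, as in the Debian change: "Document" at offset 5, nothing else.
   The length guard is added for this example only. */
static int loose_end(const char *line) {
    return strlen(line) > 5 && has_prefix(line + 5, "Document");
}

/* Strict test, as in the fix: a "%%" DSC comment followed by "EndDocument". */
static int strict_end(const char *line) {
    return has_prefix(line, "%%") && has_prefix(line + 2, "EndDocument");
}

/* Constructed input: an embedded document whose body has an unrelated line
   with "Document" starting at offset 5. */
static const char *const sample[] = {
    "%%BeginDocument: figure.eps",   /* 0 */
    "%!PS-Adobe-3.0 EPSF-3.0",       /* 1 */
    "(The Document title) show",     /* 2: false match for the loose test */
    "%%Trailer",                     /* 3: trailer of the embedded file */
    "%%EndDocument",                 /* 4: real end of the embedded file */
    "%%Page: 2 2",                   /* 5: parent document continues */
};
#define SAMPLE_LEN (sizeof sample / sizeof sample[0])

/* Skip from the line after `begin`; return the index of the line that ends
   the skip, or n when the input runs out first. */
static size_t skip_embedded(const char *const *lines, size_t n, size_t begin,
                            int (*is_end)(const char *)) {
    size_t i = begin + 1;
    while (i < n && !is_end(lines[i]))
        i++;
    return i;
}

int main(void) {
    printf("loose skip ends at line %zu\n",
           skip_embedded(sample, SAMPLE_LEN, 0, loose_end));
    printf("strict skip ends at line %zu\n",
           skip_embedded(sample, SAMPLE_LEN, 0, strict_end));
    return 0;
}
```

With the loose test the skip stops inside the embedded file, so the next line the parent parser sees is the embedded %%Trailer.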