summaryrefslogtreecommitdiff
path: root/source/xap/xpdf/patches/xpdf-3.03-CVE-2012-2142.diff
diff options
context:
space:
mode:
Diffstat (limited to 'source/xap/xpdf/patches/xpdf-3.03-CVE-2012-2142.diff')
-rw-r--r--source/xap/xpdf/patches/xpdf-3.03-CVE-2012-2142.diff55
1 files changed, 0 insertions, 55 deletions
diff --git a/source/xap/xpdf/patches/xpdf-3.03-CVE-2012-2142.diff b/source/xap/xpdf/patches/xpdf-3.03-CVE-2012-2142.diff
deleted file mode 100644
index 891c41fd..00000000
--- a/source/xap/xpdf/patches/xpdf-3.03-CVE-2012-2142.diff
+++ /dev/null
@@ -1,55 +0,0 @@
-From 3945969e0072217c143fefa3044512a31ac2afa8 Mon Sep 17 00:00:00 2001
-From: mancha <mancha1@hush.com>
-Date: Sun, 11 Aug 2013
-Subject: CVE-2012-2142
-
-Filter stuff that might end up in the shell to address CVE-2012-2142.
-This code was adapted from the Poppler project.
----
- Error.cc | 21 ++++++++++++++++-----
- 1 file changed, 16 insertions(+), 5 deletions(-)
-
---- a/xpdf/Error.cc 2013-08-11
-+++ b/xpdf/Error.cc 2013-08-11
-@@ -43,7 +43,7 @@ void setErrorCallback(void (*cbk)(void *
-
- void CDECL error(ErrorCategory category, int pos, const char *msg, ...) {
- va_list args;
-- GString *s;
-+ GString *s, *sanitized;
-
- // NB: this can be called before the globalParams object is created
- if (!errorCbk && globalParams && globalParams->getErrQuiet()) {
-@@ -52,17 +52,28 @@ void CDECL error(ErrorCategory category,
- va_start(args, msg);
- s = GString::formatv(msg, args);
- va_end(args);
-+
-+ sanitized = new GString ();
-+ for (int i = 0; i < s->getLength(); ++i) {
-+ const char c = s->getChar(i);
-+ if (c < (char)0x20 || c >= (char)0x7f) {
-+ sanitized->appendf("<{0:02x}>", c & 0xff);
-+ } else {
-+ sanitized->append(c);
-+ }
-+ }
-+
- if (errorCbk) {
-- (*errorCbk)(errorCbkData, category, pos, s->getCString());
-+ (*errorCbk)(errorCbkData, category, pos, sanitized->getCString());
- } else {
- if (pos >= 0) {
- fprintf(stderr, "%s (%d): %s\n",
-- errorCategoryNames[category], pos, s->getCString());
-+ errorCategoryNames[category], pos, sanitized->getCString());
- } else {
- fprintf(stderr, "%s: %s\n",
-- errorCategoryNames[category], s->getCString());
-+ errorCategoryNames[category], sanitized->getCString());
- }
- fflush(stderr);
- }
-- delete s;
-+ delete sanitized;
- }