Bug#781542: pu: package hp2xx/3.4.4-8

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#781542: pu: package hp2xx/3.4.4-8
From: "Christian T. Steigies" <cts@debian.org>
Date: Mon, 30 Mar 2015 21:17:58 +0200
Message-id: <[🔎] 20150330191758.17704.55869.reportbug@guido.earth.sol>
Reply-to: "Christian T. Steigies" <cts@debian.org>, 781542@bugs.debian.org

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: pu

Dear release team,
I received a report for crashes in hp2xx which were found with American
fuzzy lop (afl).  For unstable I already uploaded -10 with the following
patch.  It should apply to the version in stable as well since nothing
changed in the code in between. Please advise how to proceed.

Christian

diff -uwr hp2xx-3.4.4a/sources/hpgl.c hp2xx-3.4.4afl//sources/hpgl.c
--- hp2xx-3.4.4a/sources/hpgl.c	2003-06-21 19:54:45.000000000 +0200
+++ hp2xx-3.4.4afl//sources/hpgl.c	2015-03-28 16:01:10.000000000 +0100
@@ -1297,9 +1297,14 @@
  **	      EOF if EOF met
  **/
 {
-	int c;
+	volatile int c;      /* Keep compilers from optimizing out the initial EOF check */
+        int i;
 	char *ptr, numbuf[80];
 
+        c = getc(hd);
+        if (c == EOF) return EOF;
+        ungetc (c, hd);
+                
 	for (c = getc(hd);
 	     (c != '.') && (c != '+') && (c != '-') && ((c < '0')
 							|| (c > '9'));
@@ -1316,9 +1321,13 @@
 	}
 	/* Number found: Get it */
 	ptr = numbuf;
+	i = 0;
 	for (*ptr++ = c, c = getc(hd);
-	     ((c >= '0') && (c <= '9')) || (c == '.'); c = getc(hd))
+	     ((c >= '0') && (c <= '9')) || (c == '.') || (c == '\n'); c = getc(hd)) 
+		if (c != '\n') {
 		*ptr++ = c;	/* Read number          */
+		    i++; if (i == 79) break; /* until buffer full */ 
+	         }
 	*ptr = '\0';
 	if (c != EOF)
 		ungetc(c, hd);
diff -uwr hp2xx-3.4.4a/sources/lindef.c hp2xx-3.4.4afl//sources/lindef.c
--- hp2xx-3.4.4a/sources/lindef.c	2003-06-21 17:31:51.000000000 +0200
+++ hp2xx-3.4.4afl//sources/lindef.c	2015-03-28 15:55:29.000000000 +0100
@@ -92,6 +92,11 @@
 		return;
 	} else {
 		index = (int) tmp;
+		if (index > LT_MAX || index < -LT_MAX) {
+		       if (!silent_mode)
+				fprintf(stderr,"UL command for invalid linetype %d ignored\n",index);
+		       return;
+                }
 	}
 
 	pos_index = index - LT_MIN;
diff -uwr hp2xx-3.4.4a/sources/picbuf.c hp2xx-3.4.4afl//sources/picbuf.c
--- hp2xx-3.4.4a/sources/picbuf.c	2003-06-21 17:31:51.000000000 +0200
+++ hp2xx-3.4.4afl//sources/picbuf.c	2015-03-28 15:55:29.000000000 +0100
@@ -340,6 +340,10 @@
 		return NULL;
 	}
 
+	if (n_rows <= 0 || n_cols <= 0) {
+	        Eprintf("Invalid image dimensions: %d x %d\n",n_rows,n_cols);
+	        return NULL;
+        }
 	pb->nr = n_rows;
 	pb->nc = n_cols;
 	pb->sd = NULL;

-- System Information:
Debian Release: 7.8
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Reply to:

Follow-Ups:
- Bug#781542: pu: package hp2xx/3.4.4-8
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Processed: Re: Bug#781542: pu: package hp2xx/3.4.4-8
  - From: owner@bugs.debian.org (Debian Bug Tracking System)
- Processed: Re: Bug#781542: pu: package hp2xx/3.4.4-8
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Bug#781536: marked as done (unblock: grpn/1.1.2-3.2)
Next by Date: Processed: tagging 781542
Previous by thread: Bug#781536: marked as done (unblock: grpn/1.1.2-3.2)
Next by thread: Bug#781542: pu: package hp2xx/3.4.4-8
Index(es):
- Date
- Thread