Bug 640923 – linetoken() buffer overflow

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 640923 - linetoken() buffer overflow


Summary:	linetoken() buffer overflow


Status:	RESOLVED FIXED

Product:	evince
Classification:	Core
Component:	backends
Version:	2.91.x
Hardware:	Other Linux

Importance:	Normal normal
Target Milestone:	---
Assigned To:	Evince Maintainers
QA Contact:	Evince Maintainers

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2011-01-30 00:37 UTC by rock-madrid
Modified:	2011-02-17 14:46 UTC

See Also:
GNOME target:	---
GNOME version:	---

Attachments
backends: Fix another security issue in the dvi-backend (916 bytes, patch) 2011-02-17 14:25 UTC, Vincent Untz	committed	Details \| Review

Description rock-madrid 2011-01-30 00:37:42 UTC

I saw that you fixed the buffer overflow in token() in afmparse.c. That's great, but linetoken() in the same file has another similar buffer overflow, so you should check that too.

Comment 1 Vincent Untz 2011-02-17 14:25:06 UTC

Created attachment 181131 [details] [review]
backends: Fix another security issue in the dvi-backend

This is similar to one of the fixes from d4139205.

Comment 2 Carlos Garcia Campos 2011-02-17 14:37:04 UTC

Review of attachment 181131 [details] [review]:

Thanks!, please push it.

Comment 3 Vincent Untz 2011-02-17 14:46:03 UTC

Comment on attachment 181131 [details] [review]
backends: Fix another security issue in the dvi-backend

Pushed to master and gnome-2-32.