rpms/abiword/FC-3 abiword-2.0.12.impexp.patch, 1.3, 1.4 abiword.spec, 1.45, 1.46

Thu Oct 13 21:49:03 UTC 2005

Author: caolanm

Update of /cvs/dist/rpms/abiword/FC-3
In directory cvs.devel.redhat.com:/tmp/cvs-serv11241

Modified Files:
	abiword-2.0.12.impexp.patch abiword.spec 
Log Message:
rh#170030#

abiword-2.0.12.impexp.patch:
 ie_imp_RTF.cpp |   36 +++++++++++++++++++++---------------
 1 files changed, 21 insertions(+), 15 deletions(-)

Index: abiword-2.0.12.impexp.patch
===================================================================
RCS file: /cvs/dist/rpms/abiword/FC-3/abiword-2.0.12.impexp.patch,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4

--- abiword-2.0.12.impexp.patch	29 Sep 2005 09:44:57 -0000	1.3
+++ abiword-2.0.12.impexp.patch	13 Oct 2005 21:49:00 -0000	1.4
@@ -1,21 +1,136 @@
 Index: src/wp/impexp/xp/ie_imp_RTF.cpp
 ===================================================================
 RCS file: /cvsroot/abi/src/wp/impexp/xp/ie_imp_RTF.cpp,v
-retrieving revision 1.347.2.18
 retrieving revision 1.347.2.19
-diff -u -p -u -r1.347.2.18 -r1.347.2.19
---- abi.orig/src/wp/impexp/xp/ie_imp_RTF.cpp	27 Jul 2005 15:20:30 -0000	1.347.2.18
-+++ abi/src/wp/impexp/xp/ie_imp_RTF.cpp	23 Sep 2005 16:37:41 -0000	1.347.2.19
-@@ -7937,9 +7937,10 @@ bool IE_Imp_RTF::ReadOneFontFromTable(bo
+diff -u -r1.347.2.19 ie_imp_RTF.cpp
+--- abi.orig/src/wp/impexp/xp/ie_imp_RTF.cpp	23 Sep 2005 16:37:41 -0000	1.347.2.19
++++ abi/src/wp/impexp/xp/ie_imp_RTF.cpp	4 Oct 2005 16:48:06 -0000
+@@ -388,7 +388,7 @@
+ 	UT_sint32 icurrent = 0;
+ 	UT_sint32 istrlen = szLevelText.size();
+ 	bool bIsUnicode;
+-	while (pText[0] != '\0')
++	while (pText[0] != '\0' && icurrent < 1000)
+ 	{
+ 		bIsUnicode = ((pText[0] == '\\') && (pText[1] == '\'') && UT_UCS4_isdigit(pText[2]) && UT_UCS4_isdigit(pText[3]));
+ 		// A broken exporter writes some junk at the beginning of the string.
+@@ -6946,11 +6946,11 @@
+ 
+ 	UT_sint32 count = 0;
+ 	UT_uint32 nesting = 1;
+-	while(nesting > 0)
++	while(nesting > 0 && count < MAX_KEYWORD_LEN - 1)
+ 	{
+ 		if (!ReadCharFromFile(&ch))
+ 			return NULL;
+-        if( nesting == 1 && (ch == '}'  || ch == ';'))
++		if( nesting == 1 && (ch == '}'  || ch == ';'))
+ 		{
+ 			nesting--;
+ 		}
+@@ -7937,7 +7937,7 @@
  	    FIXME: CJK font names come in form \'aa\'cd\'ef - so we have to
  	    parse \'HH correctly (currently we ignore them!) - VH
  	*/
--	while ( ch != '}'  &&  ch != '\\'  &&  ch != ';' && ch!= '{')
-+	while ( ch != '}'  &&  ch != '\\'  &&  ch != ';' && ch!= '{' && count < MAX_KEYWORD_LEN)
+-	while ( ch != '}'  &&  ch != '\\'  &&  ch != ';' && ch!= '{' && count < MAX_KEYWORD_LEN)
++	while ( ch != '}'  &&  ch != '\\'  &&  ch != ';' && ch!= '{' && count < MAX_KEYWORD_LEN - 1)
  	{
--		keyword[count++] = ch;
-+		keyword[count] = ch;
-+		count++;
- 		if (!ReadCharFromFile(&ch))
- 		{
- 			return false;
+ 		keyword[count] = ch;
+ 		count++;
+@@ -8203,7 +8203,7 @@
+ 					int count = 0;
+ 					if (!ReadCharFromFile(&ch))
+ 						return false;
+-					while ( level != 0 || (ch != '}' && ch != ';'))
++					while ((level != 0 || (ch != '}' && ch != ';')) && count < MAX_KEYWORD_LEN - 1)
+ 					{
+ 						if (ch == '{') {
+ 							level++;
+@@ -8221,11 +8221,13 @@
+ 					keyword[count++] = 0;
+ 					switch (dest) {
+ 					case 1:
+-						strcpy(rtfTable.textafter,reinterpret_cast<char*>(&keyword[0]));
++						strncpy(rtfTable.textafter,reinterpret_cast<char*>(&keyword[0]), sizeof(rtfTable.textafter));
++						rtfTable.textafter[sizeof(rtfTable.textafter) - 1] = 0;
+ 						UT_DEBUGMSG(("FOUND pntxta in stream, copied %s to input  \n",keyword));
+ 						break;
+ 					case 2:
+-						strcpy(rtfTable.textbefore,reinterpret_cast<char*>(&keyword[0]));
++						strncpy(rtfTable.textbefore,reinterpret_cast<char*>(&keyword[0]), sizeof(rtfTable.textbefore));
++						rtfTable.textbefore[sizeof(rtfTable.textbefore) - 1] = 0;
+ 						UT_DEBUGMSG(("FOUND pntxtb in stream,copied %s to input  \n",keyword));
+ 						break;
+ 					default:
+@@ -8974,14 +8976,15 @@
+ 					 int count = 0;
+ 					 if (!ReadCharFromFile(&ch))
+ 						 return false;
+-					 while ( ch != '}'  && ch != ';')
++					 while ( ch != '}'  && ch != ';' && count < MAX_KEYWORD_LEN - 1)
+ 					 {
+ 						 keyword[count++] = ch;
+ 						 if (!ReadCharFromFile(&ch))
+ 							 return false;
+ 					 }
+ 					 keyword[count++] = 0;
+-					 strcpy(m_currentRTFState.m_paraProps.m_pszStyle,reinterpret_cast<char*>(&keyword[0]));
++					 strncpy(m_currentRTFState.m_paraProps.m_pszStyle,reinterpret_cast<char*>(&keyword[0]), sizeof(m_currentRTFState.m_paraProps.m_pszStyle));
++					 m_currentRTFState.m_paraProps.m_pszStyle[sizeof(m_currentRTFState.m_paraProps.m_pszStyle) - 1] = 0;
+ 				 }
+ 				 else if (strcmp(reinterpret_cast<char*>(&keyword[0]), "abilistdecimal") == 0)
+ 				 {
+@@ -8990,14 +8993,15 @@
+ 					 int count = 0;
+ 					 if (!ReadCharFromFile(&ch))
+ 						 return false;
+-					 while ( ch != '}'  && ch != ';' )
++					 while ( ch != '}'  && ch != ';' && count < MAX_KEYWORD_LEN - 1)
+ 					 {
+ 						 keyword[count++] = ch;
+ 						 if (!ReadCharFromFile(&ch))
+ 							 return false;
+ 					 }
+ 					 keyword[count++] = 0;
+-					 strcpy(m_currentRTFState.m_paraProps.m_pszListDecimal,reinterpret_cast<char*>(&keyword[0]));
++					 strncpy(m_currentRTFState.m_paraProps.m_pszListDecimal,reinterpret_cast<char*>(&keyword[0]), sizeof(m_currentRTFState.m_paraProps.m_pszListDecimal));
++					 m_currentRTFState.m_paraProps.m_pszListDecimal[sizeof(m_currentRTFState.m_paraProps.m_pszListDecimal) - 1] = 0;
+ 				 }
+ 				 else if (strcmp(reinterpret_cast<char*>(&keyword[0]), "abilistdelim") == 0)
+ 				 {
+@@ -9006,14 +9010,15 @@
+ 					 int count = 0;
+ 					 if (!ReadCharFromFile(&ch))
+ 						 return false;
+-					 while ( ch != '}'  && ch != ';' )
++					 while ( ch != '}'  && ch != ';' && count < MAX_KEYWORD_LEN - 1)
+ 					 {
+ 						 keyword[count++] = ch;
+ 						 if (!ReadCharFromFile(&ch))
+ 							 return false;
+ 					 }
+ 					 keyword[count++] = 0;
+-					 strcpy(m_currentRTFState.m_paraProps.m_pszListDelim,reinterpret_cast<char*>(&keyword[0]));
++					 strncpy(m_currentRTFState.m_paraProps.m_pszListDelim,reinterpret_cast<char*>(&keyword[0]), sizeof(m_currentRTFState.m_paraProps.m_pszListDelim));
++					 m_currentRTFState.m_paraProps.m_pszListDelim[sizeof(m_currentRTFState.m_paraProps.m_pszListDelim) - 1] = 0;
+ 				 }
+ 				 else if (strcmp(reinterpret_cast<char*>(&keyword[0]), "abifieldfont") == 0)
+ 				 {
+@@ -9022,14 +9027,15 @@
+ 					 int count = 0;
+ 					 if (!ReadCharFromFile(&ch))
+ 						 return false;
+-					 while ( ch != '}'  && ch != ';' )
++					 while ( ch != '}'  && ch != ';' && count < MAX_KEYWORD_LEN - 1)
+ 					 {
+ 						 keyword[count++] = ch;
+ 						 if (!ReadCharFromFile(&ch))
+ 							 return false;
+ 					 }
+ 					 keyword[count++] = 0;
+-					 strcpy(m_currentRTFState.m_paraProps.m_pszFieldFont,reinterpret_cast<char*>(&keyword[0]));
++					 strncpy(m_currentRTFState.m_paraProps.m_pszFieldFont,reinterpret_cast<char*>(&keyword[0]), sizeof(m_currentRTFState.m_paraProps.m_pszFieldFont));
++					 m_currentRTFState.m_paraProps.m_pszFieldFont[sizeof(m_currentRTFState.m_paraProps.m_pszFieldFont) - 1] = 0;
+ 				 }
+ 				 else
+ 				 {


Index: abiword.spec
===================================================================
RCS file: /cvs/dist/rpms/abiword/FC-3/abiword.spec,v
retrieving revision 1.45
retrieving revision 1.46
diff -u -r1.45 -r1.46
--- abiword.spec	29 Sep 2005 09:16:34 -0000	1.45
+++ abiword.spec	13 Oct 2005 21:49:00 -0000	1.46
@@ -3,7 +3,7 @@
 Summary: The AbiWord word processor
 Name: abiword
 Version: 2.0.12
-Release: 10
+Release: 11
 Epoch: 1
 Group: Applications/Editors
 License: GPL
@@ -141,6 +141,9 @@
 %{_datadir}/icons/*png
 
 %changelog
+* Thu Sep 29 2005 Caolan McNamara <caolanm at redhat.com> 1:2.0.12-11
+- rh#170030# CAN-2005-2972
+
 * Thu Sep 29 2005 Caolan McNamara <caolanm at redhat.com> 1:2.0.12-10
 - rh#169478# CAN-2005-2964
 


