]> www.fi.muni.cz Git - evince.git/blobdiff - backend/dvi/mdvi-lib/vf.c
https://www.fi.muni.cz/~kas/git / evince.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
backends: Fix several security issues in the dvi-backend.
[evince.git] / backend / dvi / mdvi-lib / vf.c
diff --git a/backend/dvi/mdvi-lib/vf.c b/backend/dvi/mdvi-lib/vf.c
index fb4984766e72ef4a32d436a983d329dda8cb6c73..a5ae3bbe721a162c7f486eddca85c08fccac2893 100644 (file)
--- a/backend/dvi/mdvi-lib/vf.c
+++ b/backend/dvi/mdvi-lib/vf.c
@@ -165,6 +165,12 @@ static int vf_load_font(DviParams *params, DviFont *font)
                        cc = fuget1(p);
                        tfm = fuget3(p);
                }
+               if (cc < 0 || cc > 65536) {
+                       /* TeX engines do not support char codes bigger than 65535 */
+                       mdvi_error(_("(vf) %s: unexpected character %d\n"),
+                                  font->fontname, cc);
+                       goto error;
+               }
                if(loc < 0 || cc < loc)
                        loc = cc;
                if(hic < 0 || cc > hic)
Dual-screen mode for evince