ports/contrib
3
3
Fork 2
Code Issues Pull Requests Activity
f4c9c88208
contrib/inkscape/inkscape-0.92.4-upstream_fixes-1.patch
Danny Rawlins dc0a43457b inkscape: fix for poppler 0.82.x
2019-11-09 22:05:10 +11:00

97 lines
3.6 KiB
Diff
Raw Blame History

Submitted By: Ken Moffat <ken at linuxfromscratch dot org>
Date: 2019-06-25
Initial Package Version: 0.92.4
Upstream Status: Applied
Origin: Upstream
Description: Fixes for out of bounds accesses in the fill bucket and text tools.
These issues are highlighted if -D_FORTIFY_SOURCE=2 is used (e.g. application
terminated when trying to use the fill tool).
commit 19225039b8667679c175e62f1faa29495b4ed547
Author: Nathan Lee <2431820-nathanal@users.noreply.gitlab.com>
Date: Fri Apr 26 00:30:04 2019 +1000
Add out of bound checks to fill bucket
Fixes https://gitlab.com/inkscape/inbox/issues/398
commit 37a5a0e7f1e0303222e6349379a6943c60f3b5b8
Author: Trevor Spiteri <trevor.spiteri@um.edu.mt>
Date: Tue Jan 15 18:57:17 2019 +0100
out-of-bounds access on Enter in new text field
https://bugzilla.redhat.com/show_bug.cgi?id=1575842
Reproduce using:
1. Select text tool (F8)
2. Click on empty canvas
3. Hit Enter
commit 6b8b86ca248cc47128ee3646d7ce17d2c0720522
Author: Trevor Spiteri <trevor.spiteri@um.edu.mt>
Date: Tue Jan 15 18:57:56 2019 +0100
out-of-bounds access on clicking at end of text field
https://bugzilla.redhat.com/show_bug.cgi?id=1608371
https://bugs.launchpad.net/inkscape/+bug/1803553
Reproduce using:
1. Select text tool (F8)
2. Click on empty canvas
3. Type "abc"
4. Click somewhere else
5. Click in first text field after "c" in "abc"
diff -Naur a/src/libnrtype/Layout-TNG-OutIter.cpp b/src/libnrtype/Layout-TNG-OutIter.cpp
--- a/src/libnrtype/Layout-TNG-OutIter.cpp 2019-01-15 04:29:27.000000000 +0000
+++ b/src/libnrtype/Layout-TNG-OutIter.cpp 2019-06-25 18:55:33.680796467 +0100
@@ -46,7 +46,10 @@
best_x_difference = this_x_difference;
}
}
- if (best_char_index == -1) return iterator(this, char_index);
+ if (best_char_index == -1)
+ best_char_index = char_index;
+ if (best_char_index == _characters.size())
+ return end();
return iterator(this, best_char_index);
}
@@ -182,6 +185,8 @@
if (_input_stream[source_index]->Type() != TEXT_SOURCE)
return iterator(this, char_index);
+ if (char_index >= _characters.size())
+ return end();
return iterator(this, char_index);
/* This code was never used, the text_iterator argument was "NULL" in all calling code
InputStreamTextSource const *text_source = static_cast<InputStreamTextSource const *>(_input_stream[source_index]);
diff -Naur a/src/ui/tools/flood-tool.cpp b/src/ui/tools/flood-tool.cpp
--- a/src/ui/tools/flood-tool.cpp 2019-01-15 04:29:27.000000000 +0000
+++ b/src/ui/tools/flood-tool.cpp 2019-06-25 18:55:14.064888807 +0100
@@ -630,7 +630,7 @@
bool can_paint_top = (top_ty > 0);
bool can_paint_bottom = (bottom_ty < bci.height);
- Geom::Point t = fill_queue->front();
+ Geom::Point front_of_queue = fill_queue->empty() ? Geom::Point() : fill_queue->front();
do {
ok = false;
@@ -648,8 +648,11 @@
paint_directions = paint_pixel(px, trace_px, orig_color, bci, current_trace_t);
if (bci.radius == 0) {
mark_pixel_checked(current_trace_t);
- if ((t[Geom::X] == bci.x) && (t[Geom::Y] == bci.y)) {
- fill_queue->pop_front(); t = fill_queue->front();
+ if ((!fill_queue->empty()) &&
+ (front_of_queue[Geom::X] == bci.x) &&
+ (front_of_queue[Geom::Y] == bci.y)) {
+ fill_queue->pop_front();
+ front_of_queue = fill_queue->empty() ? Geom::Point() : fill_queue->front();
}
}
Reference in New Issue View Git Blame Copy Permalink