texlive-base/CVE-2023-46051.patch

Origin:
https://github.com/TeX-Live/texlive-source/commit/8215ee325f74405f795a02d247fbd99302810261
https://tug.org/pipermail/tex-live/2023-August/049415.html

From 8215ee325f74405f795a02d247fbd99302810261 Mon Sep 17 00:00:00 2001
From: Karl Berry <karl@freefriends.org>
Date: Mon, 28 Aug 2023 22:32:09 +0000
Subject: [PATCH] guard against undump of corrupt .fmt

git-svn-id: svn://tug.org/texlive/trunk/Build/source@68100 c570f23f-e606-0410-a88d-b1316a301751
---
 texlive-20210325-source/texk/web2c/pdftexdir/tounicode.c | 9 ++++++++-
 1 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/texlive-20210325-source/texk/web2c/pdftexdir/tounicode.c b/texlive-20210325-source/texk/web2c/pdftexdir/tounicode.c
index e658064abb..e57c36f6be 100644
--- a/texlive-20210325-source/texk/web2c/pdftexdir/tounicode.c
+++ b/texlive-20210325-source/texk/web2c/pdftexdir/tounicode.c
@@ -535,10 +535,17 @@ void undumptounicode(void)
         void **result;
         glyph_unicode_entry *gu = new_glyph_unicode_entry();
         undumpcharptr(gu->name);
+        if (gu->name == NULL) {
+            pdftex_fail("undumpcharptr(gu->name) got NULL");
+        }
         generic_undump(gu->code);
 
-        if (gu->code == UNI_STRING)
+        if (gu->code == UNI_STRING) {
             undumpcharptr(gu->unicode_seq);
+            if (gu->unicode_seq == NULL) {
+                pdftex_fail("undumpcharptr(gu->unicode_seq) got NULL");
+            }
+        }
 
         result = avl_probe(glyph_unicode_tree, gu);
         assert(*result == gu);
Fix CVE-2023-46048, CVE-2023-46051 (cherry picked from commit 72d43e6e3296323ebe672edf2300787ba5256555) 2024-08-05 15:22:28 +08:00			`Origin:`
			`https://github.com/TeX-Live/texlive-source/commit/8215ee325f74405f795a02d247fbd99302810261`
			`https://tug.org/pipermail/tex-live/2023-August/049415.html`

			`From 8215ee325f74405f795a02d247fbd99302810261 Mon Sep 17 00:00:00 2001`
			`From: Karl Berry <karl@freefriends.org>`
			`Date: Mon, 28 Aug 2023 22:32:09 +0000`
			`Subject: [PATCH] guard against undump of corrupt .fmt`

			`git-svn-id: svn://tug.org/texlive/trunk/Build/source@68100 c570f23f-e606-0410-a88d-b1316a301751`
			`---`
			`texlive-20210325-source/texk/web2c/pdftexdir/tounicode.c \| 9 ++++++++-`
			`1 files changed, 8 insertions(+), 1 deletion(-)`

			`diff --git a/texlive-20210325-source/texk/web2c/pdftexdir/tounicode.c b/texlive-20210325-source/texk/web2c/pdftexdir/tounicode.c`
			`index e658064abb..e57c36f6be 100644`
			`--- a/texlive-20210325-source/texk/web2c/pdftexdir/tounicode.c`
			`+++ b/texlive-20210325-source/texk/web2c/pdftexdir/tounicode.c`
			`@@ -535,10 +535,17 @@ void undumptounicode(void)`
			`void **result;`
			`glyph_unicode_entry *gu = new_glyph_unicode_entry();`
			`undumpcharptr(gu->name);`
			`+ if (gu->name == NULL) {`
			`+ pdftex_fail("undumpcharptr(gu->name) got NULL");`
			`+ }`
			`generic_undump(gu->code);`

			`- if (gu->code == UNI_STRING)`
			`+ if (gu->code == UNI_STRING) {`
			`undumpcharptr(gu->unicode_seq);`
			`+ if (gu->unicode_seq == NULL) {`
			`+ pdftex_fail("undumpcharptr(gu->unicode_seq) got NULL");`
			`+ }`
			`+ }`

			`result = avl_probe(glyph_unicode_tree, gu);`
			`assert(*result == gu);`