$OpenBSD: patch-lib_type1_lines_c,v 1.1 2012/01/26 08:48:54 ajacoutot Exp $

CVE-2011-0764, CVE-2011-1552, CVE-2011-1553 and CVE-2011-1554

--- lib/type1/lines.c.orig	Sun Dec 23 10:49:42 2007
+++ lib/type1/lines.c	Wed Jan 25 21:55:12 2012
@@ -67,6 +67,10 @@ This module provides the following entry point to othe
 None.
 */
  
+#define  BITS         (sizeof(LONG)*8)
+#define  HIGHTEST(p)  (((p)>>(BITS-2)) != 0)  /* includes sign bit */
+#define  TOOBIG(xy)   ((xy < 0) ? HIGHTEST(-xy) : HIGHTEST(xy))
+
 /*
 :h2.StepLine() - Produces Run Ends for a Line After Checks
  
@@ -84,6 +88,9 @@ void StepLine(R, x1, y1, x2, y2)
        IfTrace4((LineDebug > 0), ".....StepLine: (%d,%d) to (%d,%d)\n",
                                             x1, y1, x2, y2);
  
+      if (TOOBIG(x1) || TOOBIG(x2) || TOOBIG(y1) || TOOBIG(y2))
+              abort("Lines this big not supported", 49);
+
        dy = y2 - y1;
  
 /*
