From mboxrd@z Thu Jan 1 00:00:00 1970
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
From: Hans de Goede
To: git-commits@fedoraproject.org
Subject: [rpms/xfig] epel10.2: Fix a stack overflow when importing 1.3 files (CVE-2009-4227) (rhbz#543905)
Date: Sat, 30 May 2026 14:28:17 GMT
Message-ID: <178015129724.1.10347307870824260602.rpms-xfig-a64793542bd1@fedoraproject.org>
List-ID:
X-Git-Repo: rpms/xfig
X-Git-Branch: epel10.2
X-Git-Rev: a64793542bd1d681f802fd8b0d6a6d71debfa852