diff options
Diffstat (limited to 'graphics/inkscape/patches/inkscape-0.92.4-upstream_fixes-1.patch')
| -rw-r--r-- | graphics/inkscape/patches/inkscape-0.92.4-upstream_fixes-1.patch | 96 |
1 files changed, 96 insertions, 0 deletions
diff --git a/graphics/inkscape/patches/inkscape-0.92.4-upstream_fixes-1.patch b/graphics/inkscape/patches/inkscape-0.92.4-upstream_fixes-1.patch new file mode 100644 index 0000000000..81aaa24207 --- /dev/null +++ b/graphics/inkscape/patches/inkscape-0.92.4-upstream_fixes-1.patch @@ -0,0 +1,96 @@ +Submitted By: Ken Moffat <ken at linuxfromscratch dot org> +Date: 2019-06-25 +Initial Package Version: 0.92.4 +Upstream Status: Applied +Origin: Upstream +Description: Fixes for out of bounds accesses in the fill bucket and text tools. +These issues are highlighted if -D_FORTIFY_SOURCE=2 is used (e.g. application +terminated when trying to use the fill tool). + +commit 19225039b8667679c175e62f1faa29495b4ed547 +Author: Nathan Lee <2431820-nathanal@users.noreply.gitlab.com> +Date: Fri Apr 26 00:30:04 2019 +1000 + + Add out of bound checks to fill bucket + + Fixes https://gitlab.com/inkscape/inbox/issues/398 + +commit 37a5a0e7f1e0303222e6349379a6943c60f3b5b8 +Author: Trevor Spiteri <trevor.spiteri@um.edu.mt> +Date: Tue Jan 15 18:57:17 2019 +0100 + + out-of-bounds access on Enter in new text field + + https://bugzilla.redhat.com/show_bug.cgi?id=1575842 + + Reproduce using: + 1. Select text tool (F8) + 2. Click on empty canvas + 3. Hit Enter + +commit 6b8b86ca248cc47128ee3646d7ce17d2c0720522 +Author: Trevor Spiteri <trevor.spiteri@um.edu.mt> +Date: Tue Jan 15 18:57:56 2019 +0100 + + out-of-bounds access on clicking at end of text field + + https://bugzilla.redhat.com/show_bug.cgi?id=1608371 + https://bugs.launchpad.net/inkscape/+bug/1803553 + + Reproduce using: + 1. Select text tool (F8) + 2. Click on empty canvas + 3. Type "abc" + 4. Click somewhere else + 5. Click in first text field after "c" in "abc" + +diff -Naur a/src/libnrtype/Layout-TNG-OutIter.cpp b/src/libnrtype/Layout-TNG-OutIter.cpp +--- a/src/libnrtype/Layout-TNG-OutIter.cpp 2019-01-15 04:29:27.000000000 +0000 ++++ b/src/libnrtype/Layout-TNG-OutIter.cpp 2019-06-25 18:55:33.680796467 +0100 +@@ -46,7 +46,10 @@ + best_x_difference = this_x_difference; + } + } +- if (best_char_index == -1) return iterator(this, char_index); ++ if (best_char_index == -1) ++ best_char_index = char_index; ++ if (best_char_index == _characters.size()) ++ return end(); + return iterator(this, best_char_index); + } + +@@ -182,6 +185,8 @@ + if (_input_stream[source_index]->Type() != TEXT_SOURCE) + return iterator(this, char_index); + ++ if (char_index >= _characters.size()) ++ return end(); + return iterator(this, char_index); + /* This code was never used, the text_iterator argument was "NULL" in all calling code + InputStreamTextSource const *text_source = static_cast<InputStreamTextSource const *>(_input_stream[source_index]); +diff -Naur a/src/ui/tools/flood-tool.cpp b/src/ui/tools/flood-tool.cpp +--- a/src/ui/tools/flood-tool.cpp 2019-01-15 04:29:27.000000000 +0000 ++++ b/src/ui/tools/flood-tool.cpp 2019-06-25 18:55:14.064888807 +0100 +@@ -630,7 +630,7 @@ + bool can_paint_top = (top_ty > 0); + bool can_paint_bottom = (bottom_ty < bci.height); + +- Geom::Point t = fill_queue->front(); ++ Geom::Point front_of_queue = fill_queue->empty() ? Geom::Point() : fill_queue->front(); + + do { + ok = false; +@@ -648,8 +648,11 @@ + paint_directions = paint_pixel(px, trace_px, orig_color, bci, current_trace_t); + if (bci.radius == 0) { + mark_pixel_checked(current_trace_t); +- if ((t[Geom::X] == bci.x) && (t[Geom::Y] == bci.y)) { +- fill_queue->pop_front(); t = fill_queue->front(); ++ if ((!fill_queue->empty()) && ++ (front_of_queue[Geom::X] == bci.x) && ++ (front_of_queue[Geom::Y] == bci.y)) { ++ fill_queue->pop_front(); ++ front_of_queue = fill_queue->empty() ? Geom::Point() : fill_queue->front(); + } + } + |