testing/t1lib: new aport

1 files changed, 33 insertions, 0 deletions

diff --git a/testing/t1lib/format-security.patch b/testing/t1lib/format-security.patch
new file mode 100644
index 0000000000..442545571d
--- /dev/null
+++ b/testing/t1lib/format-security.patch
@@ -0,0 +1,33 @@
+--- a/lib/type1/objects.c
++++ b/lib/type1/objects.c
+@@ -957,7 +957,7 @@
+  
+        sprintf(typemsg, "Wrong object type in %s; expected %s, found %s.\n",
+                   name, TypeFmt(expect), TypeFmt(obj->type));
+-       IfTrace0(TRUE,typemsg);
++       IfTrace1(TRUE, "%s", typemsg);
+  
+        ObjectPostMortem(obj);
+  
+--- a/lib/t1lib/t1subset.c
++++ b/lib/t1lib/t1subset.c
+@@ -759,7 +759,7 @@
+ 	     tr_len);
+     T1_PrintLog( "T1_SubsetFont()", err_warn_msg_buf,
+ 		 T1LOG_DEBUG);
+-    l+=sprintf( &(trailerbuf[l]), linebuf); /* contains the PostScript trailer */
++    l+=sprintf( &(trailerbuf[l]), "%s", linebuf); /* contains the PostScript trailer */
+   }
+   
+   /* compute size of output file */
+--- a/lib/type1/objects.h
++++ b/lib/type1/objects.h
+@@ -214,7 +214,7 @@
+ /*SHARED*/
+ /* NDW: personally, I want to see status and error messages! */
+ #define IfTrace0(condition,model)                                 \
+-        {if (condition) printf(model);}
++        {if (condition) fputs(model,stdout);}
+ #define IfTrace1(condition,model,arg0)                            \
+         {if (condition) printf(model,arg0);}
+ #define IfTrace2(condition,model,arg0,arg1)                       \