File fig2dev-3.2.6a-style-overflow.patch of Package transfig.6127

Description: Sanitize input of fill patterns.
Bug-Debian: https://bugs.debian.org/881396
Author: Thomas Loimer <thomas.loimer@tuwien.ac.at>

---
 fig2dev/read.c |    6 ++++++
 1 file changed, 6 insertions(+)

--- a/fig2dev/read.c
+++ b/fig2dev/read.c	2017-11-22 14:07:28.096683657 +0000
@@ -61,6 +61,8 @@ static int		 save_comment();
 #define			FILL_CONVERT(f) \
 				((v2_flag || (f) < WHITE_FILL) \
 					? (v30_flag? f: (f-1)) : 20 - ((f)-1)*5)
+#define		FILL_SANITIZE(f)	((f) < UNFILLED || (f) >= \
+			NUMSHADES + NUMTINTS + NUMPATTERNS) ? UNFILLED : f
 
 /* input buffer size */
 #define		BUF_SIZE	1024
@@ -527,6 +529,7 @@ FILE	*fp;
 	}
 	a->thickness *= round(THICK_SCALE);
 	a->fill_style = FILL_CONVERT(a->fill_style);
+	a->fill_style = FILL_SANITIZE(a->fill_style);
 	/* keep track if pattern is used */
 	note_pattern(a->fill_style);
 	fix_color(&a->pen_color);
@@ -718,6 +721,7 @@ read_ellipseobject()
 	fix_color(&e->fill_color);
 	e->thickness *= round(THICK_SCALE);
 	e->fill_style = FILL_CONVERT(e->fill_style);
+	e->fill_style = FILL_SANITIZE(e->fill_style);
 	/* keep track if pattern is used */
 	note_pattern(e->fill_style);
 	e->comments = attach_comments();	/* attach any comments */
@@ -786,6 +790,7 @@ FILE	*fp;
 	l->radius *= round(THICK_SCALE);
 	l->thickness *= round(THICK_SCALE);
 	l->fill_style = FILL_CONVERT(l->fill_style);
+	l->fill_style = FILL_SANITIZE(l->fill_style);
 
 	/* keep track if pattern is used */
 	note_pattern(l->fill_style);
@@ -925,6 +930,7 @@ FILE	*fp;
 	    }
 	s->thickness *= round(THICK_SCALE);
 	s->fill_style = FILL_CONVERT(s->fill_style);
+	s->fill_style = FILL_SANITIZE(s->fill_style);
 	/* keep track if pattern is used */
 	note_pattern(s->fill_style);
 	fix_color(&s->pen_color);