From 31ae65aceecc72f731ee0710dbe5bc0b2cfef682 Mon Sep 17 00:00:00 2001
From: Tim Waugh <twaugh@redhat.com>
Date: Jul 01 2013 12:06:53 +0000
Subject: Use more caution when converting floats to strings (bug #980085).


Resolves: rhbz#980085

---

diff --git a/ghostscript-wrf-snprintf.patch b/ghostscript-wrf-snprintf.patch
new file mode 100644
index 0000000..b0da853
--- /dev/null
+++ b/ghostscript-wrf-snprintf.patch
@@ -0,0 +1,22 @@
+diff -up ghostscript-9.07/base/wrfont.c.wrf-snprintf ghostscript-9.07/base/wrfont.c
+--- ghostscript-9.07/base/wrfont.c.wrf-snprintf	2013-07-01 13:02:33.373244683 +0100
++++ ghostscript-9.07/base/wrfont.c	2013-07-01 13:04:55.022864299 +0100
+@@ -72,7 +72,8 @@ WRF_wfloat(WRF_output * a_output, double
+ {
+     char buffer[32];
+ 
+-    gs_sprintf(buffer, "%f", a_float);
++    if (gs_snprintf(buffer, sizeof (buffer), "%f", a_float) >= sizeof (buffer))
++        buffer[sizeof (buffer) - 1] = '\0';
+     WRF_wstring(a_output, buffer);
+ }
+ 
+@@ -81,6 +82,7 @@ WRF_wint(WRF_output * a_output, long a_i
+ {
+     char buffer[32];
+ 
+-    gs_sprintf(buffer, "%ld", a_int);
++    if (gs_snprintf(buffer, sizeof (buffer), "%ld", a_int) >= sizeof (buffer))
++        buffer[sizeof (buffer) - 1] = '\0';
+     WRF_wstring(a_output, buffer);
+ }
diff --git a/ghostscript.spec b/ghostscript.spec
index 61c6329..2cb9d6f 100644
--- a/ghostscript.spec
+++ b/ghostscript.spec
@@ -5,7 +5,7 @@ Summary: A PostScript interpreter and renderer
 Name: ghostscript
 Version: %{gs_ver}
 
-Release: 6%{?dist}
+Release: 7%{?dist}
 
 # Included CMap data is Redistributable, no modification permitted,
 # see http://bugzilla.redhat.com/487510
@@ -28,6 +28,7 @@ Patch9: ghostscript-gdevcups-debug-uninit.patch
 Patch10: ghostscript-gs_sprintf.patch
 Patch11: ghostscript-pdfwrite-segfault.patch
 Patch12: ghostscript-strange-fonts.patch
+Patch13: ghostscript-wrf-snprintf.patch
 
 Requires: urw-fonts >= 1.1, ghostscript-fonts
 Requires: poppler-data
@@ -146,6 +147,9 @@ rm -rf expat freetype icclib jasper jpeg lcms2 libpng openjpeg zlib cups/libs
 # Upstream patch from bug #690692 to handle strange fonts (bug #969660).
 %patch12 -p1 -b .strange-fonts
 
+# Use more caution when converting floats to strings (bug #980085).
+%patch13 -p1 -b .wrf-snprintf
+
 # Remove pdfopt man pages which were mistakenly left in (bug #963882).
 rm man/{de/,}pdfopt.1
 
@@ -345,6 +349,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_libdir}/libgs.so
 
 %changelog
+* Mon Jul  1 2013 Tim Waugh <twaugh@redhat.com> 9.07-7
+- Use more caution when converting floats to strings (bug #980085).
+
 * Tue Jun 18 2013 Tim Waugh <twaugh@redhat.com> 9.07-6
 - Upstream patch from bug #690692 to handle strange fonts (bug #969660).