diff -up cups-1.2.4/filter/textcommon.c.CVE-2008-3640 cups-1.2.4/filter/textcommon.c
--- cups-1.2.4/filter/textcommon.c.CVE-2008-3640	2005-08-04 19:40:13.000000000 +0100
+++ cups-1.2.4/filter/textcommon.c	2008-09-30 15:00:29.000000000 +0100
@@ -3,6 +3,7 @@
  *
  *   Common text filter routines for the Common UNIX Printing System (CUPS).
  *
+ *   Copyright 2007-2008 by Apple Inc.
  *   Copyright 1997-2005 by Easy Software Products.
  *
  *   These coded instructions, statements, and computer programs are the
@@ -613,14 +614,38 @@ TextMain(const char *name,	/* I - Name o
                 !strcasecmp(val, "yes");
 
   if ((val = cupsGetOption("columns", num_options, options)) != NULL)
+  {
     PageColumns = atoi(val);
 
+    if (PageColumns < 1)
+    {
+      fprintf(stderr, "ERROR: Bad columns value %d!\n", PageColumns);
+      return (1);
+    }
+  }
+
   if ((val = cupsGetOption("cpi", num_options, options)) != NULL)
+  {
     CharsPerInch = atof(val);
 
+    if (CharsPerInch <= 0.0)
+    {
+      fprintf(stderr, "ERROR: Bad cpi value %f!\n", CharsPerInch);
+      return (1);
+    }
+  }
+
   if ((val = cupsGetOption("lpi", num_options, options)) != NULL)
+  {
     LinesPerInch = atof(val);
 
+    if (LinesPerInch <= 0.0)
+    {
+      fprintf(stderr, "ERROR: Bad lpi value %f!\n", LinesPerInch);
+      return (1);
+    }
+  }
+
   if (PrettyPrint)
     PageTop -= 216.0f / LinesPerInch;
 
diff -up cups-1.2.4/filter/texttops.c.CVE-2008-3640 cups-1.2.4/filter/texttops.c
--- cups-1.2.4/filter/texttops.c.CVE-2008-3640	2005-09-21 10:28:39.000000000 +0100
+++ cups-1.2.4/filter/texttops.c	2008-09-30 14:59:42.000000000 +0100
@@ -181,6 +181,14 @@ WriteProlog(const char *title,		/* I - T
   SizeColumns = (PageRight - PageLeft) / 72.0 * CharsPerInch;
   SizeLines   = (PageTop - PageBottom) / 72.0 * LinesPerInch;
 
+  if (SizeColumns <= 0 || SizeColumns > 32767 ||
+      SizeLines <= 0 || SizeLines > 32767)
+  {
+    fprintf(stderr, "ERROR: Unable to print %dx%d text page!\n",
+	    SizeColumns, SizeLines);
+    exit(1);
+  }
+
   Page    = calloc(sizeof(lchar_t *), SizeLines);
   Page[0] = calloc(sizeof(lchar_t), SizeColumns * SizeLines);
   for (i = 1; i < SizeLines; i ++)
@@ -195,6 +203,13 @@ WriteProlog(const char *title,		/* I - T
   else
     ColumnWidth = SizeColumns;
 
+  if (ColumnWidth <= 0)
+  {
+    fprintf(stderr, "ERROR: Unable to print %d text columns!\n",
+	    PageColumns);
+    exit(1);
+  }
+
  /*
   * Output the DSC header...
   */