Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 93067 Details for
Bug 139325
media-libs/libwmf: integer overflow (CVE-2006-3376)
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Temporary fix for 0.2.8.3-r1.
libwmf-0.2.8.3-r1.tmpfix.patch (text/plain), 874 bytes, created by
Mattias Bengtsson
on 2006-07-30 09:25:39 UTC
(
hide
)
Description:
Temporary fix for 0.2.8.3-r1.
Filename:
MIME Type:
Creator:
Mattias Bengtsson
Created:
2006-07-30 09:25:39 UTC
Size:
874 bytes
patch
obsolete
>diff -Naur libwmf-0.2.8.3-r1.orig/src/player.c libwmf-0.2.8.3-r1/src/player.c >--- libwmf-0.2.8.3-r1.orig/src/player.c 2002-12-10 20:30:26.000000000 +0100 >+++ libwmf-0.2.8.3-r1/src/player.c 2006-07-30 18:20:39.000000000 +0200 >@@ -30,6 +30,8 @@ > #include <unistd.h> > #endif > >+#include <stdint.h> >+ > #include "wmfdefs.h" > #include "metadefs.h" > >@@ -133,7 +135,13 @@ > } > > /* P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API)-3) * 2 * sizeof (unsigned char)); >- */ P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API) ) * 2 * sizeof (unsigned char)); >+ P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API) ) * 2 * sizeof (unsigned char)); */ >+ >+ if(MAX_REC_SIZE(API) > UINT32_MAX/2) { >+ API->err = wmf_E_InsMem; >+ WMF_DEBUG(API,"bailing..."); >+ return (API->err); >+ } > > if (ERR (API)) > { WMF_DEBUG (API,"bailing...");
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 139325
:
93067
|
93069