Gentoo's Bugzilla – Attachment 184243 Details for
Bug 260269
<media-libs/lcms-1.18 integer overflows (CVE-2009-{0581,0723,0733})
[patch]
lcms-1.18-beta1-additions.patch
lcms-1.18-beta1-additions.patch (text/plain), 1.68 KB, created by
Robert Buchholz (RETIRED)
on 2009-03-07 17:31:49 UTC
Description:
lcms-1.18-beta1-additions.patch
Filename:
MIME Type:
Creator:
Robert Buchholz (RETIRED)
Created:
2009-03-07 17:31:49 UTC
Size:
1.68 KB
patch
obsolete
>diff -rubB lcms-1.18-orig/include/lcms.h lcms-1.18/include/lcms.h
>--- lcms-1.18-orig/include/lcms.h 2009-02-17 06:01:16.000000000 -0800
>+++ lcms-1.18/include/lcms.h 2009-03-03 13:43:28.000000000 -0800
>@@ -1423,7 +1423,10 @@
> LCMS_INLINE void* _cmsCalloc(size_t nmemb, size_t size)
> {
> size_t alloc = nmemb * size;
>- if (alloc < nmemb || alloc < size) {
>+ if (size == 0) {
>+ return _cmsMalloc(0);
>+ }
>+ if (alloc / size != nmemb) {
> return NULL;
> }
> return _cmsMalloc(alloc);
>diff -rubB lcms-1.18-orig/src/cmsio0.c lcms-1.18/src/cmsio0.c
>--- lcms-1.18-orig/src/cmsio0.c 2009-02-17 06:02:15.000000000 -0800
>+++ lcms-1.18/src/cmsio0.c 2009-03-03 13:37:29.000000000 -0800
>@@ -77,7 +77,11 @@
> size_t len = size * count;
> size_t extent = ResData -> Pointer + len;
>
>- if (len < size || len < count) {
>+ if (len == 0) {
>+ return 0;
>+ }
>+
>+ if (len / size != count) {
> cmsSignalError(LCMS_ERRC_ABORTED, "Read from memory error. Integer overflow with count / size.");
> return 0;
> }
>diff -rubB lcms-1.18-orig/src/cmslut.c lcms-1.18/src/cmslut.c
>--- lcms-1.18-orig/src/cmslut.c 2009-02-17 06:06:43.000000000 -0800
>+++ lcms-1.18/src/cmslut.c 2009-03-03 13:38:18.000000000 -0800
>@@ -200,14 +200,14 @@
> oldCalc = calc;
> calc *= NewLUT -> cLutPoints;
>
>- if (calc < oldCalc || calc < NewLUT -> cLutPoints) {
>+ if (calc / NewLUT -> cLutPoints != oldCalc) {
> return FALSE;
> }
> }
>
> oldCalc = calc;
> calc *= NewLUT -> OutputChan;
>- if (calc < oldCalc || calc < NewLUT -> OutputChan) {
>+ if (NewLUT -> OutputChan && calc / NewLUT -> OutputChan != oldCalc) {
> return FALSE;
> }
>
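Review bot: `_cmsCalloc` carries calloc's name, but the visible body returns `_cmsMalloc(alloc)` without clearing it, so unless `_cmsMalloc` zeroes memory (not shown here) a caller expecting zero-filled storage would read uninitialised bytes. The new `size == 0` path returns whatever `_cmsMalloc(0)` yields, which a caller cannot tell apart from the NULL returned on overflow if that allocator gives NULL for zero bytes. A header comment would pin the contract down, for example `/* Overflow-checked nmemb*size allocation: NULL on overflow; memory is not cleared here; size == 0 defers to _cmsMalloc(0). */`. The function's closing brace lies outside the hunk.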
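Review bot: In the cmsio0.c hunk the `len == 0` early return runs before the overflow test, so a `size * count` product that wraps to exactly zero returns 0 silently and never reaches the `cmsSignalError` call. No read happens in that case, but the overflow goes unreported and looks like an ordinary empty read. Testing the operands instead of the product keeps both cases apart: `if (size == 0 || count == 0) return 0;`, followed by the existing `len / size != count` check. `extent` is also computed from `len` before either check; whether it is validated is not visible, since the function starts and ends outside the hunk.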
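Review bot: The first rewritten check in cmslut.c, `calc / NewLUT -> cLutPoints != oldCalc`, divides by `cLutPoints` with no zero guard, while the second check in the same hunk does guard its divisor with `NewLUT -> OutputChan &&`. The removed comparison had no division, so a zero `cLutPoints` that previously just produced `calc == 0` would now fault. Nothing in the visible lines shows `cLutPoints` being validated as non-zero, so the two checks should match: `if (NewLUT -> cLutPoints && calc / NewLUT -> cLutPoints != oldCalc) {`. The enclosing loop and function begin outside the hunk, so an earlier range check may exist there and is worth confirming.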
Attachments on
bug 260269
:
183152
|
183153
|
183389
| 184243