Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 170987 Details for
Bug 245960
dev-libs/libxml2 <2.7.2-r1 Integer overflow/infinite loop (CVE-2008-4225, CVE-2008-4226)
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
libxml2-CVE-2008-4226.patch
libxml2-CVE-2008-4226.patch (text/plain), 706 bytes, created by
Robert Buchholz (RETIRED)
on 2008-11-07 13:34:06 UTC
(
hide
)
Description:
libxml2-CVE-2008-4226.patch
Filename:
MIME Type:
Creator:
Robert Buchholz (RETIRED)
Created:
2008-11-07 13:34:06 UTC
Size:
706 bytes
patch
obsolete
>--- tree.c.orig 2008-10-31 18:14:00.000000000 -0700 >+++ tree.c 2008-10-31 18:14:35.000000000 -0700 >@@ -14,7 +14,7 @@ > #include "libxml.h" > > #include <string.h> /* for memset() only ! */ >- >+#include <limits.h> > #ifdef HAVE_CTYPE_H > #include <ctype.h> > #endif >@@ -6996,7 +6996,13 @@ > case XML_BUFFER_ALLOC_DOUBLEIT: > /*take care of empty case*/ > newSize = (buf->size ? buf->size*2 : size + 10); >- while (size > newSize) newSize *= 2; >+ while (size > newSize) { >+ if (newSize > UINT_MAX / 2) { >+ xmlTreeErrMemory("growing buffer"); >+ return 0; >+ } >+ newSize *= 2; >+ } > break; > case XML_BUFFER_ALLOC_EXACT: > newSize = size+10;
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=170987">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 245960
:
170985
|
170987
|
172041
|
172099
|
172101
