Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 172099 Details for
Bug 245960
dev-libs/libxml2 <2.7.2-r1 Integer overflow/infinite loop (CVE-2008-4225, CVE-2008-4226)
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
libxml2-2.7.2-CVE-2008-4225.patch
libxml2-2.7.2-CVE-2008-4225.patch (text/plain), 799 bytes, created by
Robert Buchholz (RETIRED)
on 2008-11-17 18:19:18 UTC
(
hide
)
Description:
libxml2-2.7.2-CVE-2008-4225.patch
Filename:
MIME Type:
Creator:
Robert Buchholz (RETIRED)
Created:
2008-11-17 18:19:18 UTC
Size:
799 bytes
patch
obsolete
>Index: libxml2-2.7.2/tree.c >=================================================================== >--- libxml2-2.7.2.orig/tree.c >+++ libxml2-2.7.2/tree.c >@@ -14,7 +14,7 @@ > #include "libxml.h" > > #include <string.h> /* for memset() only ! */ >- >+#include <limits.h> > #ifdef HAVE_CTYPE_H > #include <ctype.h> > #endif >@@ -6996,7 +6996,13 @@ xmlBufferResize(xmlBufferPtr buf, unsign > case XML_BUFFER_ALLOC_DOUBLEIT: > /*take care of empty case*/ > newSize = (buf->size ? buf->size*2 : size + 10); >- while (size > newSize) newSize *= 2; >+ while (size > newSize) { >+ if (newSize > UINT_MAX / 2) { >+ xmlTreeErrMemory("growing buffer"); >+ return 0; >+ } >+ newSize *= 2; >+ } > break; > case XML_BUFFER_ALLOC_EXACT: > newSize = size+10;
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 245960
:
170985
|
170987
|
172041
| 172099 |
172101