Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 209335 Details for
Bug 290470
KDE Xpdf Multiple Integer Overflow Vulnerabilities (CVE-2009-{3603,3604,3606,3608,3609})
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
kword-xpdf-overflows.patch
kword-xpdf-overflows.patch (text/plain), 1.33 KB, created by
Alex Legler (RETIRED)
on 2009-11-05 14:22:31 UTC
(
hide
)
Description:
kword-xpdf-overflows.patch
Filename:
MIME Type:
Creator:
Alex Legler (RETIRED)
Created:
2009-11-05 14:22:31 UTC
Size:
1.33 KB
patch
obsolete
>Patch for CVE-2009-3606 and CVE-2009-3609, adopted to kword, Gentoo bug 290470. -a3li@g.o > >diff -Naur koffice-1.6.3.orig/filters/kword/pdf/xpdf/xpdf/PSOutputDev.cc koffice-1.6.3/filters/kword/pdf/xpdf/xpdf/PSOutputDev.cc >--- koffice-1.6.3.orig/filters/kword/pdf/xpdf/xpdf/PSOutputDev.cc 2009-02-04 17:36:28.000000000 +0100 >+++ koffice-1.6.3/filters/kword/pdf/xpdf/xpdf/PSOutputDev.cc 2009-11-05 14:59:50.824849320 +0100 >@@ -2322,7 +2322,7 @@ > width, -height, height); > > // allocate a line buffer >- lineBuf = (Guchar *)gmalloc(4 * width); >+ lineBuf = (Guchar *)gmallocn(width, 4); > > // set up to process the data stream > imgStr = new ImageStream(str, width, colorMap->getNumPixelComps(), >diff -Naur koffice-1.6.3.orig/filters/kword/pdf/xpdf/xpdf/Stream.cc koffice-1.6.3/filters/kword/pdf/xpdf/xpdf/Stream.cc >--- koffice-1.6.3.orig/filters/kword/pdf/xpdf/xpdf/Stream.cc 2009-02-04 17:36:28.000000000 +0100 >+++ koffice-1.6.3/filters/kword/pdf/xpdf/xpdf/Stream.cc 2009-11-05 15:10:20.680847015 +0100 >@@ -327,7 +327,11 @@ > } else { > imgLineSize = nVals; > } >- imgLine = (Guchar *)gmalloc(imgLineSize * sizeof(Guchar)); >+ if (width > INT_MAX / nComps) { >+ // force a call to gmallocn(-1,...), which will throw an exception >+ imgLineSize = -1; >+ } >+ imgLine = (Guchar *)gmallocn(imgLineSize, sizeof(Guchar)); > imgIdx = nVals; > } >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 290470
: 209335