Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 93069 Details for
Bug 139325
media-libs/libwmf: integer overflow (CVE-2006-3376)
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Temporary fix for 0.2.8.3-r1.
libwmf-0.2.8.3-r1.tmpfix.patch (text/plain), 977 bytes, created by
Mattias Bengtsson
on 2006-07-30 09:43:02 UTC
(
hide
)
Description:
Temporary fix for 0.2.8.3-r1.
Filename:
MIME Type:
Creator:
Mattias Bengtsson
Created:
2006-07-30 09:43:02 UTC
Size:
977 bytes
patch
obsolete
>diff -Naur libwmf-0.2.8.3-r1.orig/src/player.c libwmf-0.2.8.3-r1/src/player.c >--- libwmf-0.2.8.3-r1.orig/src/player.c 2002-12-10 20:30:26.000000000 +0100 >+++ libwmf-0.2.8.3-r1/src/player.c 2006-07-30 18:32:23.000000000 +0200 >@@ -30,6 +30,8 @@ > #include <unistd.h> > #endif > >+#include <stdint.h> >+ > #include "wmfdefs.h" > #include "metadefs.h" > >@@ -133,7 +135,15 @@ > } > > /* P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API)-3) * 2 * sizeof (unsigned char)); >- */ P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API) ) * 2 * sizeof (unsigned char)); >+ P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API) ) * 2 * sizeof (unsigned char)); */ >+ >+ if(MAX_REC_SIZE(API) > UINT32_MAX/2) { >+ API->err = wmf_E_InsMem; >+ WMF_DEBUG(API,"bailing..."); >+ return (API->err); >+ } >+ >+ P->Parameters = (unsigned char *) wmf_malloc(API,(MAX_REC_SIZE(API)) * 2 * sizeof(unsigned char)); > > if (ERR (API)) > { WMF_DEBUG (API,"bailing...");
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 139325
:
93067
| 93069