Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 99949 Details for
Bug 151838
x11-libs/qt: khtml/qt integer overflow (CVE-2006-4811)
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Qt patch
attachment.cgi (text/plain), 955 bytes, created by
Diego Elio Pettenò (RETIRED)
on 2006-10-18 09:30:45 UTC
(
hide
)
Description:
Qt patch
Filename:
MIME Type:
Creator:
Diego Elio Pettenò (RETIRED)
Created:
2006-10-18 09:30:45 UTC
Size:
955 bytes
patch
obsolete
>--- src/kernel/qpixmap_x11.cpp.josh 2006-10-13 23:30:27.000000000 -0400 >+++ src/kernel/qpixmap_x11.cpp 2006-10-14 00:31:01.000000000 -0400 >@@ -1758,6 +1758,12 @@ QPixmap QPixmap::xForm( const QWMatrix & > dbpl = ((w*bpp+31)/32)*4; > dbytes = dbpl*h; > >+ if (dbytes != (long long) dbpl*h) { // Integer overflow detection >+ QPixmap pm; >+ pm.data->bitmap = data->bitmap; >+ return pm; >+ } >+ > #if defined(QT_MITSHM) > if ( use_mitshm ) { > dptr = (uchar *)xshmimg->data; >@@ -1867,6 +1873,11 @@ QPixmap QPixmap::xForm( const QWMatrix & > sptr = (uchar *) axi->data; > bpp = axi->bits_per_pixel; > dbytes = dbpl * h; >+ if (dbytes != (long long) dbpl*h) { // Integer overflow detection >+ QPixmap pm; >+ pm.data->bitmap = data->bitmap; >+ return pm; >+ } > dptr = (uchar *) malloc(dbytes); > Q_CHECK_PTR( dptr ); > memset(dptr, 0, dbytes);
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=99949">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 151838
: 99949 |
100045
