OSH fixes after CVE-2026-8631
Resolves: RHEL-178718
This commit is contained in:
parent
5fd973cd2c
commit
46c66ce1fe
@ -1,8 +1,8 @@
|
||||
diff --git a/prnt/hpcups/genPCLm.cpp b/prnt/hpcups/genPCLm.cpp
|
||||
index 1952ef2..0b3208a 100644
|
||||
index 0e1650c..5f83cba 100644
|
||||
--- a/prnt/hpcups/genPCLm.cpp
|
||||
+++ b/prnt/hpcups/genPCLm.cpp
|
||||
@@ -1921,8 +1921,11 @@ int PCLmGenerator::Encapsulate(void *pInBuffer, int inBufferSize, int thisHeigh
|
||||
@@ -1917,8 +1917,11 @@ int PCLmGenerator::Encapsulate(void *pInBuffer, int inBufferSize, int thisHeigh
|
||||
#ifdef SUPPORT_WHITE_STRIPS
|
||||
int whiteStripLen=0;
|
||||
if(!safe_mul_int_positive(thisHeight, currSourceWidth, &whiteStripLen) ||
|
||||
@ -15,7 +15,7 @@ index 1952ef2..0b3208a 100644
|
||||
bool whiteStrip=isWhiteStrip(pInBuffer, whiteStripLen);
|
||||
if(DebugIt2)
|
||||
{
|
||||
@@ -1944,11 +1947,17 @@ int PCLmGenerator::Encapsulate(void *pInBuffer, int inBufferSize, int thisHeigh
|
||||
@@ -1940,11 +1943,17 @@ int PCLmGenerator::Encapsulate(void *pInBuffer, int inBufferSize, int thisHeigh
|
||||
ubyte whitePt=0xff;
|
||||
size_t tmpStripSize=0;
|
||||
if(!safe_mul_size_t((size_t)scanlineWidth, (size_t)topMarginInPix, &tmpStripSize))
|
||||
@ -33,3 +33,63 @@ index 1952ef2..0b3208a 100644
|
||||
memset(tmpStrip,whitePt,tmpStripSize);
|
||||
|
||||
|
||||
@@ -2012,7 +2021,10 @@ int PCLmGenerator::Encapsulate(void *pInBuffer, int inBufferSize, int thisHeigh
|
||||
{
|
||||
int sourceLen=0;
|
||||
if(!safe_mul_int_positive(numLinesThisCall, scanlineWidth, &sourceLen))
|
||||
+ {
|
||||
+ free(newStripPtr);
|
||||
return(errorOutAndCleanUp());
|
||||
+ }
|
||||
uint32 len=(uint32)sourceLen;
|
||||
uLongf destSize=len;
|
||||
|
||||
@@ -2021,12 +2033,18 @@ int PCLmGenerator::Encapsulate(void *pInBuffer, int inBufferSize, int thisHeigh
|
||||
ubyte whitePt=0xff;
|
||||
size_t tmpStripSize=0;
|
||||
if(!safe_mul_size_t((size_t)scanlineWidth, (size_t)topMarginInPix, &tmpStripSize))
|
||||
+ {
|
||||
+ free(newStripPtr);
|
||||
return(errorOutAndCleanUp());
|
||||
+ }
|
||||
|
||||
// We need to inject a blank image-strip with a height==topMarginInPix
|
||||
ubyte *tmpStrip=(ubyte*)malloc(tmpStripSize);
|
||||
if(!tmpStrip)
|
||||
+ {
|
||||
+ free(newStripPtr);
|
||||
return(errorOutAndCleanUp());
|
||||
+ }
|
||||
uLongf tmpDestSize=destSize;
|
||||
memset(tmpStrip,whitePt,tmpStripSize);
|
||||
|
||||
@@ -2075,20 +2093,29 @@ int PCLmGenerator::Encapsulate(void *pInBuffer, int inBufferSize, int thisHeigh
|
||||
{
|
||||
int sourceLen=0;
|
||||
if(!safe_mul_int_positive(numLinesThisCall, scanlineWidth, &sourceLen))
|
||||
+ {
|
||||
+ free(newStripPtr);
|
||||
return(errorOutAndCleanUp());
|
||||
+ }
|
||||
|
||||
if(firstStrip && topMarginInPix)
|
||||
{
|
||||
ubyte whitePt=0xff;
|
||||
size_t tmpStripSize=0;
|
||||
if(!safe_mul_size_t((size_t)scanlineWidth, (size_t)topMarginInPix, &tmpStripSize))
|
||||
+ {
|
||||
+ free(newStripPtr);
|
||||
return(errorOutAndCleanUp());
|
||||
+ }
|
||||
|
||||
// We need to inject a blank image-strip with a height==topMarginInPix
|
||||
|
||||
ubyte *tmpStrip=(ubyte*)malloc(tmpStripSize);
|
||||
if(!tmpStrip)
|
||||
+ {
|
||||
+ free(newStripPtr);
|
||||
return(errorOutAndCleanUp());
|
||||
+ }
|
||||
memset(tmpStrip,whitePt,tmpStripSize);
|
||||
|
||||
for(sint32 stripCntr=0; stripCntr<numFullInjectedStrips;stripCntr++)
|
||||
|
||||
@ -7,7 +7,7 @@
|
||||
Summary: HP Linux Imaging and Printing Project
|
||||
Name: hplip
|
||||
Version: 3.18.4
|
||||
Release: 12%{?dist}
|
||||
Release: 13%{?dist}
|
||||
License: GPLv2+ and MIT and BSD and IJG and Public Domain and GPLv2+ with exceptions and ISC
|
||||
|
||||
Url: https://developers.hp.com/hp-linux-imaging-and-printing
|
||||
@ -554,6 +554,9 @@ rm -f %{buildroot}%{_sysconfdir}/xdg/autostart/hplip-systray.desktop
|
||||
%config(noreplace) %{_sysconfdir}/sane.d/dll.d/hpaio
|
||||
|
||||
%changelog
|
||||
* Mon Jun 15 2026 Zdenek Dohnal <zdohnal@redhat.com> - 3.18.4-13
|
||||
- Fix more leaks in hpcups
|
||||
|
||||
* Fri Jun 12 2026 Zdenek Dohnal <zdohnal@redhat.com> - 3.18.4-12
|
||||
- OSH fixes after CVE-2026-8631
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user