RHEL-192009 CVE-2026-14544 hplip: Incomplete Fix for CVE-2026-8631
Resolves: RHEL-192009
This commit is contained in:
parent
46c66ce1fe
commit
d475d5fbf4
@ -1,13 +1,10 @@
|
||||
diff --git a/prnt/hpcups/genPCLm.cpp b/prnt/hpcups/genPCLm.cpp
|
||||
index 0e1650c..5f83cba 100644
|
||||
--- a/prnt/hpcups/genPCLm.cpp
|
||||
+++ b/prnt/hpcups/genPCLm.cpp
|
||||
@@ -1917,8 +1917,11 @@ int PCLmGenerator::Encapsulate(void *pInBuffer, int inBufferSize, int thisHeigh
|
||||
#ifdef SUPPORT_WHITE_STRIPS
|
||||
diff -up hplip-3.21.2/prnt/hpcups/genPCLm.cpp.CVE-2026-8631-osh hplip-3.21.2/prnt/hpcups/genPCLm.cpp
|
||||
--- hplip-3.21.2/prnt/hpcups/genPCLm.cpp.CVE-2026-8631-osh 2026-07-03 08:25:17.717888763 +0200
|
||||
+++ hplip-3.21.2/prnt/hpcups/genPCLm.cpp 2026-07-03 08:48:22.225130940 +0200
|
||||
@@ -1922,7 +1922,10 @@ int PCLmGenerator::Encapsulate(void *pI
|
||||
int whiteStripLen=0;
|
||||
if(!safe_mul_int_positive(thisHeight, currSourceWidth, &whiteStripLen) ||
|
||||
- !safe_mul_int_positive(whiteStripLen, srcNumComponents, &whiteStripLen))
|
||||
+ !safe_mul_int_positive(thisHeight, srcNumComponents, &whiteStripLen))
|
||||
!safe_mul_int_positive(whiteStripLen, srcNumComponents, &whiteStripLen))
|
||||
+ {
|
||||
+ free(newStripPtr);
|
||||
return(errorOutAndCleanUp());
|
||||
@ -15,7 +12,7 @@ index 0e1650c..5f83cba 100644
|
||||
bool whiteStrip=isWhiteStrip(pInBuffer, whiteStripLen);
|
||||
if(DebugIt2)
|
||||
{
|
||||
@@ -1940,11 +1943,17 @@ int PCLmGenerator::Encapsulate(void *pInBuffer, int inBufferSize, int thisHeigh
|
||||
@@ -1944,11 +1947,17 @@ int PCLmGenerator::Encapsulate(void *pI
|
||||
ubyte whitePt=0xff;
|
||||
size_t tmpStripSize=0;
|
||||
if(!safe_mul_size_t((size_t)scanlineWidth, (size_t)topMarginInPix, &tmpStripSize))
|
||||
@ -33,7 +30,7 @@ index 0e1650c..5f83cba 100644
|
||||
memset(tmpStrip,whitePt,tmpStripSize);
|
||||
|
||||
|
||||
@@ -2012,7 +2021,10 @@ int PCLmGenerator::Encapsulate(void *pInBuffer, int inBufferSize, int thisHeigh
|
||||
@@ -2016,7 +2025,10 @@ int PCLmGenerator::Encapsulate(void *pI
|
||||
{
|
||||
int sourceLen=0;
|
||||
if(!safe_mul_int_positive(numLinesThisCall, scanlineWidth, &sourceLen))
|
||||
@ -44,7 +41,7 @@ index 0e1650c..5f83cba 100644
|
||||
uint32 len=(uint32)sourceLen;
|
||||
uLongf destSize=len;
|
||||
|
||||
@@ -2021,12 +2033,18 @@ int PCLmGenerator::Encapsulate(void *pInBuffer, int inBufferSize, int thisHeigh
|
||||
@@ -2025,12 +2037,18 @@ int PCLmGenerator::Encapsulate(void *pI
|
||||
ubyte whitePt=0xff;
|
||||
size_t tmpStripSize=0;
|
||||
if(!safe_mul_size_t((size_t)scanlineWidth, (size_t)topMarginInPix, &tmpStripSize))
|
||||
@ -63,7 +60,7 @@ index 0e1650c..5f83cba 100644
|
||||
uLongf tmpDestSize=destSize;
|
||||
memset(tmpStrip,whitePt,tmpStripSize);
|
||||
|
||||
@@ -2075,20 +2093,29 @@ int PCLmGenerator::Encapsulate(void *pInBuffer, int inBufferSize, int thisHeigh
|
||||
@@ -2079,20 +2097,29 @@ int PCLmGenerator::Encapsulate(void *pI
|
||||
{
|
||||
int sourceLen=0;
|
||||
if(!safe_mul_int_positive(numLinesThisCall, scanlineWidth, &sourceLen))
|
||||
|
||||
@ -7,7 +7,7 @@
|
||||
Summary: HP Linux Imaging and Printing Project
|
||||
Name: hplip
|
||||
Version: 3.18.4
|
||||
Release: 13%{?dist}
|
||||
Release: 14%{?dist}
|
||||
License: GPLv2+ and MIT and BSD and IJG and Public Domain and GPLv2+ with exceptions and ISC
|
||||
|
||||
Url: https://developers.hp.com/hp-linux-imaging-and-printing
|
||||
@ -554,6 +554,9 @@ rm -f %{buildroot}%{_sysconfdir}/xdg/autostart/hplip-systray.desktop
|
||||
%config(noreplace) %{_sysconfdir}/sane.d/dll.d/hpaio
|
||||
|
||||
%changelog
|
||||
* Fri Jul 03 2026 Zdenek Dohnal <zdohnal@redhat.com> - 3.18.4-14
|
||||
- RHEL-192009 CVE-2026-14544 hplip: Incomplete Fix for CVE-2026-8631
|
||||
|
||||
* Mon Jun 15 2026 Zdenek Dohnal <zdohnal@redhat.com> - 3.18.4-13
|
||||
- Fix more leaks in hpcups
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user