RHEL-192009 CVE-2026-14544 hplip: Incomplete Fix for CVE-2026-8631

Resolves: RHEL-192009
This commit is contained in:
Zdenek Dohnal 2026-07-03 10:38:32 +02:00
parent 46c66ce1fe
commit d475d5fbf4
2 changed files with 13 additions and 13 deletions

View File

@ -1,13 +1,10 @@
diff --git a/prnt/hpcups/genPCLm.cpp b/prnt/hpcups/genPCLm.cpp
index 0e1650c..5f83cba 100644
--- a/prnt/hpcups/genPCLm.cpp
+++ b/prnt/hpcups/genPCLm.cpp
@@ -1917,8 +1917,11 @@ int PCLmGenerator::Encapsulate(void *pInBuffer, int inBufferSize, int thisHeigh
#ifdef SUPPORT_WHITE_STRIPS
diff -up hplip-3.21.2/prnt/hpcups/genPCLm.cpp.CVE-2026-8631-osh hplip-3.21.2/prnt/hpcups/genPCLm.cpp
--- hplip-3.21.2/prnt/hpcups/genPCLm.cpp.CVE-2026-8631-osh 2026-07-03 08:25:17.717888763 +0200
+++ hplip-3.21.2/prnt/hpcups/genPCLm.cpp 2026-07-03 08:48:22.225130940 +0200
@@ -1922,7 +1922,10 @@ int PCLmGenerator::Encapsulate(void *pI
int whiteStripLen=0;
if(!safe_mul_int_positive(thisHeight, currSourceWidth, &whiteStripLen) ||
- !safe_mul_int_positive(whiteStripLen, srcNumComponents, &whiteStripLen))
+ !safe_mul_int_positive(thisHeight, srcNumComponents, &whiteStripLen))
!safe_mul_int_positive(whiteStripLen, srcNumComponents, &whiteStripLen))
+ {
+ free(newStripPtr);
return(errorOutAndCleanUp());
@ -15,7 +12,7 @@ index 0e1650c..5f83cba 100644
bool whiteStrip=isWhiteStrip(pInBuffer, whiteStripLen);
if(DebugIt2)
{
@@ -1940,11 +1943,17 @@ int PCLmGenerator::Encapsulate(void *pInBuffer, int inBufferSize, int thisHeigh
@@ -1944,11 +1947,17 @@ int PCLmGenerator::Encapsulate(void *pI
ubyte whitePt=0xff;
size_t tmpStripSize=0;
if(!safe_mul_size_t((size_t)scanlineWidth, (size_t)topMarginInPix, &tmpStripSize))
@ -33,7 +30,7 @@ index 0e1650c..5f83cba 100644
memset(tmpStrip,whitePt,tmpStripSize);
@@ -2012,7 +2021,10 @@ int PCLmGenerator::Encapsulate(void *pInBuffer, int inBufferSize, int thisHeigh
@@ -2016,7 +2025,10 @@ int PCLmGenerator::Encapsulate(void *pI
{
int sourceLen=0;
if(!safe_mul_int_positive(numLinesThisCall, scanlineWidth, &sourceLen))
@ -44,7 +41,7 @@ index 0e1650c..5f83cba 100644
uint32 len=(uint32)sourceLen;
uLongf destSize=len;
@@ -2021,12 +2033,18 @@ int PCLmGenerator::Encapsulate(void *pInBuffer, int inBufferSize, int thisHeigh
@@ -2025,12 +2037,18 @@ int PCLmGenerator::Encapsulate(void *pI
ubyte whitePt=0xff;
size_t tmpStripSize=0;
if(!safe_mul_size_t((size_t)scanlineWidth, (size_t)topMarginInPix, &tmpStripSize))
@ -63,7 +60,7 @@ index 0e1650c..5f83cba 100644
uLongf tmpDestSize=destSize;
memset(tmpStrip,whitePt,tmpStripSize);
@@ -2075,20 +2093,29 @@ int PCLmGenerator::Encapsulate(void *pInBuffer, int inBufferSize, int thisHeigh
@@ -2079,20 +2097,29 @@ int PCLmGenerator::Encapsulate(void *pI
{
int sourceLen=0;
if(!safe_mul_int_positive(numLinesThisCall, scanlineWidth, &sourceLen))

View File

@ -7,7 +7,7 @@
Summary: HP Linux Imaging and Printing Project
Name: hplip
Version: 3.18.4
Release: 13%{?dist}
Release: 14%{?dist}
License: GPLv2+ and MIT and BSD and IJG and Public Domain and GPLv2+ with exceptions and ISC
Url: https://developers.hp.com/hp-linux-imaging-and-printing
@ -554,6 +554,9 @@ rm -f %{buildroot}%{_sysconfdir}/xdg/autostart/hplip-systray.desktop
%config(noreplace) %{_sysconfdir}/sane.d/dll.d/hpaio
%changelog
* Fri Jul 03 2026 Zdenek Dohnal <zdohnal@redhat.com> - 3.18.4-14
- RHEL-192009 CVE-2026-14544 hplip: Incomplete Fix for CVE-2026-8631
* Mon Jun 15 2026 Zdenek Dohnal <zdohnal@redhat.com> - 3.18.4-13
- Fix more leaks in hpcups