CVE-2006-3376 libwmf integer overflow
parent
4680e16763
commit
18e6e33dc5
27
libwmf-0.2.8.4-intoverflow.patch
Normal file
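--- a/libwmf-0.2.8.4-intoverflow.patch
+++ b/libwmf-0.2.8.4-intoverflow.patch
@@ -0,0 +1,27 @@
+--- libwmf-0.2.8.4.orig/src/player.c 2002-12-10 19:30:26.000000000 +0000
++++ libwmf-0.2.8.4/src/player.c 2006-07-12 15:12:52.000000000 +0100
+@@ -42,6 +42,7 @@
+#include "player/defaults.h" /* Provides: default settings */
+#include "player/record.h" /* Provides: parameter mechanism */
+#include "player/meta.h" /* Provides: record interpreters */
++#include <stdint.h>
+
+/**
+* @internal
+@@ -132,8 +134,14 @@
+}
+}
+
+-/* P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API)-3) * 2 * sizeof (unsigned char));
+- */ P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API) ) * 2 * sizeof (unsigned char));
++ if (MAX_REC_SIZE(API) > SIZE_MAX / 2)
++ {
++ API->err = wmf_E_InsMem;
++ WMF_DEBUG (API,"bailing...");
++ return (API->err);
++ }
++
++ P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API) ) * 2);
+
+if (ERR (API))
+{ WMF_DEBUG (API,"bailing...");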
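Review bot: The guard `if (MAX_REC_SIZE(API) > SIZE_MAX / 2)` added in the second player.c hunk bounds the value against `size_t`, but the product in `wmf_malloc (API,(MAX_REC_SIZE(API) ) * 2)` is evaluated in the macro's own type, which is not visible on this page. If the macro expands to a 32-bit unsigned header field, then on an LP64 build the comparison can never be true and the multiplication can still wrap before it is widened for the allocator, which would presumably leave `P->Parameters` smaller than the record size it is meant to hold. Checking against the operand's own limit, e.g. `if (MAX_REC_SIZE(API) > UINT32_MAX / 2)`, or widening first with `wmf_malloc (API, (size_t) MAX_REC_SIZE(API) * 2)`, would make the check hold on both 32- and 64-bit targets. The enclosing function begins and ends outside the hunk, so the later uses of `P->Parameters` should be confirmed against the same bound.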
|
||||
@ -1,7 +1,7 @@
|
||||
Summary: Windows Metafile Library
|
||||
Name: libwmf
|
||||
Version: 0.2.8.4
|
||||
Release: 8
|
||||
Release: 9
|
||||
Group: System Environment/Libraries
|
||||
License: LGPL
|
||||
Source: http://prdownloads.sourceforge.net/wvware/%{name}-%{version}.tar.gz
|
||||
@ -11,6 +11,7 @@ Patch1: libwmf-0.2.8.3-relocatablefonts.patch
|
||||
Patch2: libwmf-0.2.8.4-fallbackfont.patch
|
||||
Patch3: libwmf-0.2.8.4-deps.patch
|
||||
Patch4: libwmf-0.2.8.4-multiarchdevel.patch
|
||||
Patch5: libwmf-0.2.8.4-intoverflow.patch
|
||||
Requires: gtk2 >= 2.9.0
|
||||
Requires: libxml2 >= 2.6.8
|
||||
Requires: gd >= 2.0.21
|
||||
@ -48,6 +49,7 @@ Libraries, headers, and support files necessary to compile applications using li
|
||||
%patch2 -p1 -b .fallbackfont
|
||||
%patch3 -p1 -b .deps
|
||||
%patch4 -p1 -b .multiarchdevel
|
||||
%patch5 -p1 -b .intoverflow
|
||||
|
||||
%build
|
||||
rm configure.ac
|
||||
@ -105,6 +107,9 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/gtk-2.0/*/loaders/*.la
|
||||
rm -r $RPM_BUILD_ROOT
|
||||
|
||||
%changelog
|
||||
* Wed Jul 12 2006 Caolan McNamara <caolanm@redhat.com> 0.2.8.4-9
|
||||
- CVE-2006-3376 libwmf integer overflow
|
||||
|
||||
* Tue May 16 2006 Caolan McNamara <caolanm@redhat.com> 0.2.8.4-8
|
||||
- rh#191971# BuildRequires
|
||||
|
||||
|
||||