Based on a patch from Fedora. http://pkgs.fedoraproject.org/cgit/libwmf.git/tree/libwmf-0.2.8.4-CVE-2007-3472.patch --- libwmf-0.2.8.4/src/extra/gd/gd.c +++ libwmf-0.2.8.4/src/extra/gd/gd.c @@ -106,6 +106,18 @@ gdImagePtr im; unsigned long cpa_size; + if (overflow2(sx, sy)) { + return NULL; + } + + if (overflow2(sizeof (int *), sy)) { + return NULL; + } + + if (overflow2(sizeof(int), sx)) { + return NULL; + } + im = (gdImage *) gdMalloc (sizeof (gdImage)); if (im == 0) return 0; memset (im, 0, sizeof (gdImage)); --- libwmf-0.2.8.4/src/extra/gd/gdhelpers.c 2010-12-06 11:47:31.000000000 +0000 +++ libwmf-0.2.8.4/src/extra/gd/gdhelpers.c 2010-12-06 11:48:04.000000000 +0000 @@ -2,6 +2,7 @@ #include "gdhelpers.h" #include #include +#include /* TBB: gd_strtok_r is not portable; provide an implementation */ @@ -94,3 +95,18 @@ { free (ptr); } + +int overflow2(int a, int b) +{ + if(a < 0 || b < 0) { + fprintf(stderr, "gd warning: one parameter to a memory allocation multiplication is negative, failing operation gracefully\n"); + return 1; + } + if(b == 0) + return 0; + if(a > INT_MAX / b) { + fprintf(stderr, "gd warning: product of memory allocation multiplication would exceed INT_MAX, failing operation gracefully\n"); + return 1; + } + return 0; +} --- libwmf-0.2.8.4/src/extra/gd/gdhelpers.h 2010-12-06 11:47:17.000000000 +0000 +++ libwmf-0.2.8.4/src/extra/gd/gdhelpers.h 2010-12-06 11:48:36.000000000 +0000 @@ -15,4 +15,6 @@ void *gdMalloc(size_t size); void *gdRealloc(void *ptr, size_t size); +int overflow2(int a, int b); + #endif /* GDHELPERS_H */ ection.patch?id=b87bf3bbd4fbf064b2d22e4ba5a0727b1fb983b5'>diff
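Review bot: The three guards added at the top of the gd.c hunk protect only the one routine whose body is patched here (its signature lies outside the hunk), and this patch shows no other caller of `overflow2`. Any other routine in gd.c that multiplies caller-supplied dimensions before `gdMalloc` or `gdRealloc` would presumably need the same checks, which is worth confirming against the full file. `overflow2` also returns 0 when either operand is 0, so a zero width or height passes all three guards and still reaches the allocation; if that is not intended, `if (sx == 0 || sy == 0) return NULL;` ahead of the `gdMalloc` call would make the decision explicit. The new early exits are written `return NULL;` while the existing check below them uses `return 0;`, so one spelling throughout would read better.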
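Review bot: `overflow2` in the gdhelpers.c hunk has no comment stating its contract, and its return convention (1 means reject, 0 means safe) is easy to invert at a call site. I would add above the definition `/* Returns 1 if a or b is negative or if a * b would exceed INT_MAX, 0 otherwise. */`. The function calls `fprintf(stderr, ...)`, but the header names in the preceding include hunk are not legible on this page, so it is worth checking that gdhelpers.c includes `<stdio.h>` rather than relying on an implicit declaration. Printing to stderr from library code on every rejected size also lets a malformed input file produce output the embedding application did not ask for; returning the status silently and leaving the reporting to the caller would be quieter.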
authorTobias Geerinckx-Rice <me@tobias.gr>2018-01-18 01:02:51 +0100
committerTobias Geerinckx-Rice <me@tobias.gr>2018-01-18 04:26:42 +0100
commitb87bf3bbd4fbf064b2d22e4ba5a0727b1fb983b5 (patch)
treec183f1b2696f14596fb35b87f714dac587f3b138 /gnu/packages/patches/plink-endian-detection.patch
parent08a1e906ec37ba6a9780fa84ec29b59c2da0b099 (diff)
gnu: lxterminal: Update to 0.3.1.
* gnu/packages/lxde.scm (lxterminal): Update to 0.3.1. [source]: Remove patch for fixed CVE. [arguments]: No longer skip test suite which appear to be fixed. * gnu/packages/patches/lxterminal-CVE-2016-10369.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it.
Diffstat (limited to 'gnu/packages/patches/plink-endian-detection.patch')
0 files changed, 0 insertions, 0 deletions