Fix CVE-2016-10165, an out-of-bounds heap read in Type_MLU_Read():

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10165
http://seclists.org/oss-sec/2016/q3/288
https://bugzilla.redhat.com/show_bug.cgi?id=1367357
https://security-tracker.debian.org/tracker/CVE-2016-10165

Patch copied from upstream source repository:

https://github.com/mm2/Little-CMS/commit/5ca71a7bc18b6897ab21d815d15e218e204581e2

From 5ca71a7bc18b6897ab21d815d15e218e204581e2 Mon Sep 17 00:00:00 2001
From: Marti
Date: Mon, 15 Aug 2016 23:31:39 +0200
Subject: [PATCH] Added an extra check to MLU bounds

Thanks to Ibrahim el-sayed for spotting the bug
---
 src/cmstypes.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/cmstypes.c b/src/cmstypes.c index cb61860..c7328b9 100644 --- a/src/cmstypes.c +++ b/src/cmstypes.c @@ -1460,6 +1460,7 @@ void *Type_MLU_Read(struct _cms_typehandler_struct* self, cmsIOHANDLER* io, cmsU // Check for overflow if (Offset < (SizeOfHeader + 8)) goto Error; + if ((Offset + Len) > SizeOfTag + 8) goto Error; // True begin of the string BeginOfThisString = Offset - SizeOfHeader - 8; -- 2.11.0
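Review bot: the added line `if ((Offset + Len) > SizeOfTag + 8) goto Error;` computes `Offset + Len` before comparing, so if both are fixed-width unsigned values read from the tag (their declarations are outside this hunk), a large pair can wrap around and pass the bound this line is meant to enforce. Suggest rejecting the wrap first, for example `if ((Offset + Len) < Len || (Offset + Len) > SizeOfTag + 8) goto Error;`, or comparing `Len` against `SizeOfTag + 8 - Offset` once `Offset` is known to be in range. The existing `// Check for overflow` comment sits above the lower-bound test only; a short comment on the new line saying what the `+ 8` accounts for would help the next reader.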
path: root/tests/graph.scm
Age | Commit message | Author

2023-04-07 | gnu: Purge pre-1.3.0 deprecated packages. | Bruno Victal
    * gnu/packages/bioinformatics.scm (deeptools): Remove variable.
    * gnu/packages/efi.scm (efi_analyzer): Ditto.
    * gnu/packages/guile.scm (guile-2.2/bug-fix, guile-json): Ditto.
    * gnu/packages/image.scm (libjpeg): Ditto.
    * gnu/packages/kde.scm (kdevplatform): Ditto
    * gnu/packages/linphone.scm (linphoneqt): Ditto.
    * gnu/packages/maths.scm (blis-sandybridge, blis-haswell, blis-knl): Ditto.
    * gnu/packages/mpi.scm (hwloc-2.0): Ditto.
    * gnu/packages/music.scm (python-abjad, zlfo): Ditto.
    * gnu/packages/perl.scm (perl-base, perl-parent): Ditto.
    * gnu/packages/tryton.scm (python-trytond): Ditto.
    * gnu/packages/video.scm (gnome-mpv): Ditto.
    * tests/graph.scm: Use guile-json-1.
    Signed-off-by: Ludovic Courtès <ludo@gnu.org>

2022-10-22 | Remove now unnecessary uses of (guix grafts). | Ludovic Courtès
    These modules would use (guix grafts) just to access '%graft?' and related bindings, which are now in (guix store).
    * gnu/ci.scm, guix/gexp.scm, guix/lint.scm, guix/scripts.scm, guix/scripts/archive.scm, guix/scripts/build.scm, guix/scripts/challenge.scm, guix/scripts/deploy.scm, guix/scripts/environment.scm, guix/scripts/home.scm, guix/scripts/pack.scm, guix/scripts/package.scm, guix/scripts/pull.scm, guix/scripts/size.scm, guix/scripts/system.scm, guix/scripts/weather.scm, tests/builders.scm, tests/channels.scm, tests/cpan.scm, tests/derivations.scm, tests/gexp.scm, tests/graph.scm, tests/guix-daemon.sh, tests/monads.scm, tests/pack.scm, tests/packages.scm, tests/profiles.scm, tests/system.scm: Remove #:use-module (guix grafts).

2022-07-01 | tests: Adjust 'guix graph' test to latest OCaml changes. | Ludovic Courtès
    * tests/graph.scm ("reverse bag DAG"): Adjust to latest OCaml changes by looking at dune/ocaml-camomile/ocaml-utop.

2022-02-05 | tests: Assert that cyclic graphs can be produced. | Liliana Marie Prikler
    * tests/graph.scm ("package DAG, oops it was a cycle"): New test.

2021-09-21 | graph: Add '--max-depth'. | Ludovic Courtès
    * guix/graph.scm (export-graph): Add #:max-depth and honor it, adding 'depths' argument to 'loop'.
    * guix/scripts/graph.scm (%options, show-help): Add '--max-depth'.
    (%default-options): Add 'max-depth'.
    (guix-graph): Pass #:max-depth to 'export-graph'.
    * tests/graph.scm ("package DAG, limited depth"): New test.
    * doc/guix.texi (Invoking guix graph): Document it.