all messages for Guix-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed
blob 1e0e1ecfa8b4c3482c509f10b85b12d17226b8d5 753 bytes (raw)
name: packages/patches/libwmf-CVE-2006-3376.patch 	 # note: path name is non-authoritative(*)

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
 
Copied from Debian.

--- libwmf-0.2.8.4.orig/src/player.c
+++ libwmf-0.2.8.4/src/player.c
@@ -23,6 +23,7 @@
 
 #include <stdio.h>
 #include <stdlib.h>
+#include <stdint.h>
 #include <string.h>
 #include <math.h>
 
@@ -132,8 +133,14 @@
 		}
 	}
 
-/*	P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API)-3) * 2 * sizeof (unsigned char));
- */	P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API)  ) * 2 * sizeof (unsigned char));
+	if (MAX_REC_SIZE(API) > UINT32_MAX / 2)
+	{
+		API->err = wmf_E_InsMem;
+		WMF_DEBUG (API,"bailing...");
+		return (API->err);
+	}
+
+ 	P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API)  ) * 2 * sizeof (unsigned char));
 
 	if (ERR (API))
 	{	WMF_DEBUG (API,"bailing...");


debug log:

solving 1e0e1ecfa8b4c3482c509f10b85b12d17226b8d5 ...
found 1e0e1ecfa8b4c3482c509f10b85b12d17226b8d5 in https://git.savannah.gnu.org/cgit/guix.git

(*) Git path names are given by the tree(s) the blob belongs to.
    Blobs themselves have no identifier aside from the hash of its contents.^

Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/guix.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.