void-packages/srcpkgs/libwmf/patches/01_player.c-integer-overflow-cve-2006-3376.patch
maxice8 cd9b331d9f
libwmf: import debian patches to fix CVEs and gdk-pixbuf loader location
CVEs fixed:
- CVE-2006-3376
- CVE-2009-1364
- CVE-2015-0848
- CVE-2015-4588
- CVE-2015-4695
- CVE-2015-4696
- CVE-2016-9011
2018-08-23 17:16:47 -03:00

28 lines
697 B
Diff

--- src/player.c
+++ src/player.c
@@ -23,6 +23,7 @@
#include <stdio.h>
#include <stdlib.h>
+#include <stdint.h>
#include <string.h>
#include <math.h>
@@ -132,8 +133,14 @@
}
}
-/* P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API)-3) * 2 * sizeof (unsigned char));
- */ P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API) ) * 2 * sizeof (unsigned char));
+ if (MAX_REC_SIZE(API) > UINT32_MAX / 2)
+ {
+ API->err = wmf_E_InsMem;
+ WMF_DEBUG (API,"bailing...");
+ return (API->err);
+ }
+
+ P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API) ) * 2 * sizeof (unsigned char));
if (ERR (API))
{ WMF_DEBUG (API,"bailing...");