void-packages/srcpkgs/libwmf/patches/01_player.c-integer-overflow-cve-2006-3376.patch
Đoàn Trần Công Danh 861ac185a6 srcpkgs/l*: convert patches to -Np1
```sh
git grep -l '^patch_args=-Np0' "srcpkgs/$1*/template" |
while read template; do
	for p in ${template%/template}/patches/*; do
		sed -i '
			\,^[+-][+-][+-] /dev/null,b
			/^[*-]\+ [0-9]\+\(,[0-9]\+\)\? [*-]\+$/b
			s,^[*][*][*] ,&a/,
			/^--- /{
				s,\(^--- \)\(./\)*,\1a/,
				s,[.][Oo][Rr][Ii][Gg]\([	/]\),\1,
				s/[.][Oo][Rr][Ii][Gg]$//
				s/[.]patched[.]\([^.]\)/.\1/
				h
			}
			/^+++ -/{
				g
				s/^--- a/+++ b/
				b
			}
			s,\(^+++ \)\(./\)*,\1b/,
		' "$p"
	done
	sed -i '/^patch_args=/d' $template
done
```
2021-06-20 13:17:29 +07:00

28 lines
701 B
Diff

--- a/src/player.c
+++ b/src/player.c
@@ -23,6 +23,7 @@
#include <stdio.h>
#include <stdlib.h>
+#include <stdint.h>
#include <string.h>
#include <math.h>
@@ -132,8 +133,14 @@
}
}
-/* P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API)-3) * 2 * sizeof (unsigned char));
- */ P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API) ) * 2 * sizeof (unsigned char));
+ if (MAX_REC_SIZE(API) > UINT32_MAX / 2)
+ {
+ API->err = wmf_E_InsMem;
+ WMF_DEBUG (API,"bailing...");
+ return (API->err);
+ }
+
+ P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API) ) * 2 * sizeof (unsigned char));
if (ERR (API))
{ WMF_DEBUG (API,"bailing...");