Commit | Line | Data |
---|---|---|
667e777b LF |
1 | Fix CVE-2016-7505: |
2 | ||
3 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7505 | |
4 | http://bugs.ghostscript.com/show_bug.cgi?id=697140 | |
5 | ||
6 | Patch copied from upstream source repository: | |
7 | http://git.ghostscript.com/?p=mujs.git;a=commitdiff;h=8c805b4eb19cf2af689c860b77e6111d2ee439d5 | |
8 | ||
9 | From 8c805b4eb19cf2af689c860b77e6111d2ee439d5 Mon Sep 17 00:00:00 2001 | |
10 | From: Tor Andersson <tor.andersson@artifex.com> | |
11 | Date: Wed, 21 Sep 2016 15:21:04 +0200 | |
12 | Subject: [PATCH] Fix bug 697140: Overflow check in ascii division in strtod. | |
13 | ||
14 | --- | |
15 | jsdtoa.c | 1 + | |
16 | 1 file changed, 1 insertion(+) | |
17 | ||
18 | diff --git a/jsdtoa.c b/jsdtoa.c | |
19 | index 2e52368..920c1a7 100644 | |
20 | --- a/thirdparty/mujs/jsdtoa.c | |
21 | +++ b/thirdparty/mujs/jsdtoa.c | |
22 | @@ -735,6 +735,7 @@ xx: | |
23 | n -= c<<b; | |
24 | *p++ = c + '0'; | |
25 | (*na)++; | |
26 | + if (*na >= Ndig) break; /* abort if overflowing */ | |
27 | } | |
28 | *p = 0; | |
29 | } | |
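Review bot: in the `xx:` loop the new `*na >= Ndig` test runs only after `*p++ = c + '0'` has stored the digit and `(*na)++` has counted it, and the `*p = 0` after the loop then writes one more byte. With this bound the destination therefore has to hold Ndig digits plus the terminator. The buffer's declaration is not visible in this hunk, so please confirm it is at least Ndig + 1 bytes, or move the test ahead of the store. The `break` also drops any remaining digits silently; the comment "abort if overflowing" should say why a truncated digit string is acceptable for the conversion result.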
30 | -- | |
31 | 2.10.2 | |
32 |