gnu: gd: Fix-CVE-2016-3074.
[jackhill/guix/guix.git] / gnu / packages / patches / libwmf-CVE-2006-3376.patch
1 Copied from Debian.
2
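--- libwmf-0.2.8.4.orig/src/player.c
+++ libwmf-0.2.8.4/src/player.c
@@ -23,6 +23,7 @@
 
 #include <stdio.h>
 #include <stdlib.h>
+#include <stdint.h>
 #include <string.h>
 #include <math.h>
 
@@ -132,8 +133,14 @@
 }
 }
 
-/* P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API)-3) * 2 * sizeof (unsigned char));
- */ P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API) ) * 2 * sizeof (unsigned char));
+ if (MAX_REC_SIZE(API) > UINT32_MAX / 2)
+ {
+ API->err = wmf_E_InsMem;
+ WMF_DEBUG (API,"bailing...");
+ return (API->err);
+ }
+
+ P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API) ) * 2 * sizeof (unsigned char));
 
 if (ERR (API))
 { WMF_DEBUG (API,"bailing...");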
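Review bot: The new guard before the `P->Parameters` allocation has no comment saying what it protects, and its `WMF_DEBUG (API,"bailing...")` text is identical to the one used after a failed allocation just below, so a log cannot tell a rejected record size from an out-of-memory condition. I would add `/* reject record sizes whose doubling would wrap the allocation size (CVE-2006-3376) */` above the `if` and make the message specific, e.g. `WMF_DEBUG (API,"max record size too large; bailing...");`. The bound is written against `UINT32_MAX`, which is the right limit only if `MAX_REC_SIZE(API)` and the product passed to `wmf_malloc` are evaluated in 32 bits; the macro's type is not visible here, so that is worth confirming. The enclosing function starts and ends outside the hunk.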