nixpkgs/pkgs/development/libraries/libwmf/CVE-2006-3376.patch
Robert Helgesson 11947a55c8 libwmf: fix some security issues
The added patches (sourced from Debian) fixes the following security
issues:

  - CVE-2006-3376
  - CVE-2009-1364
  - CVE-2015-0848
  - CVE-2015-4588
  - CVE-2015-4695
  - CVE-2015-4696
2015-07-15 23:23:53 +02:00

29 lines
732 B
Diff

--- libwmf-0.2.8.4.orig/src/player.c
+++ libwmf-0.2.8.4/src/player.c
@@ -23,6 +23,7 @@
#include <stdio.h>
#include <stdlib.h>
+#include <stdint.h>
#include <string.h>
#include <math.h>
@@ -132,8 +133,14 @@
}
}
-/* P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API)-3) * 2 * sizeof (unsigned char));
- */ P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API) ) * 2 * sizeof (unsigned char));
+ if (MAX_REC_SIZE(API) > UINT32_MAX / 2)
+ {
+ API->err = wmf_E_InsMem;
+ WMF_DEBUG (API,"bailing...");
+ return (API->err);
+ }
+
+ P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API) ) * 2 * sizeof (unsigned char));
if (ERR (API))
{ WMF_DEBUG (API,"bailing...");