rpms/libwmf/devel libwmf-0.2.8.4-intoverflow.patch, NONE, 1.1 libwmf.spec, 1.22, 1.23

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Wed Jul 12 15:05:17 UTC 2006 

Author: caolanm

Update of /cvs/dist/rpms/libwmf/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv2956

Modified Files:
	libwmf.spec 
Added Files:
	libwmf-0.2.8.4-intoverflow.patch 
Log Message:
CVE-2006-3376 libwmf integer overflow

libwmf-0.2.8.4-intoverflow.patch:
 player.c |   11 +++++++++--
 1 files changed, 9 insertions(+), 2 deletions(-)

--- NEW FILE libwmf-0.2.8.4-intoverflow.patch ---
--- libwmf-0.2.8.4.orig/src/player.c	2002-12-10 19:30:26.000000000 +0000
+++ libwmf-0.2.8.4/src/player.c	2006-07-12 15:12:52.000000000 +0100
@@ -42,6 +42,7 @@
 #include "player/defaults.h" /* Provides: default settings               */
 #include "player/record.h"   /* Provides: parameter mechanism            */
 #include "player/meta.h"     /* Provides: record interpreters            */
+#include <stdint.h>
 
 /**
  * @internal
@@ -132,8 +134,14 @@
 		}
 	}
 
-/*	P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API)-3) * 2 * sizeof (unsigned char));
- */	P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API)  ) * 2 * sizeof (unsigned char));
+	if (MAX_REC_SIZE(API) > SIZE_MAX / 2)
+	{
+		API->err = wmf_E_InsMem;
+		WMF_DEBUG (API,"bailing...");
+		return (API->err);
+	}
+	
+ 	P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API)  ) * 2);
 
 	if (ERR (API))
 	{	WMF_DEBUG (API,"bailing...");


Index: libwmf.spec
===================================================================
RCS file: /cvs/dist/rpms/libwmf/devel/libwmf.spec,v
retrieving revision 1.22
retrieving revision 1.23
diff -u -r1.22 -r1.23
--- libwmf.spec	16 May 2006 17:11:52 -0000	1.22
+++ libwmf.spec	12 Jul 2006 15:05:14 -0000	1.23
@@ -1,7 +1,7 @@
 Summary: Windows Metafile Library
 Name: libwmf
 Version: 0.2.8.4
-Release: 8
+Release: 9
 Group: System Environment/Libraries
 License: LGPL
 Source: http://prdownloads.sourceforge.net/wvware/%{name}-%{version}.tar.gz
@@ -11,6 +11,7 @@
 Patch2: libwmf-0.2.8.4-fallbackfont.patch
 Patch3: libwmf-0.2.8.4-deps.patch
 Patch4: libwmf-0.2.8.4-multiarchdevel.patch
+Patch5: libwmf-0.2.8.4-intoverflow.patch
 Requires: gtk2 >= 2.9.0
 Requires: libxml2 >= 2.6.8
 Requires: gd >= 2.0.21
@@ -48,6 +49,7 @@
 %patch2 -p1 -b .fallbackfont
 %patch3 -p1 -b .deps
 %patch4 -p1 -b .multiarchdevel
+%patch5 -p1 -b .intoverflow
 
 %build
 rm configure.ac
@@ -105,6 +107,9 @@
 rm -r $RPM_BUILD_ROOT
 
 %changelog
+* Wed Jul 12 2006 Caolan McNamara <caolanm at redhat.com> 0.2.8.4-9
+- CVE-2006-3376 libwmf integer overflow
+
 * Tue May 16 2006 Caolan McNamara <caolanm at redhat.com> 0.2.8.4-8
 - rh#191971# BuildRequires

More information about the fedora-cvs-commits mailing list