rpms/libwmf/FC-4 libwmf-0.2.8.4-intoverflow.patch, NONE, 1.1 libwmf.spec, 1.8, 1.9
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Wed Jul 12 15:11:21 UTC 2006
Author: caolanm
Update of /cvs/dist/rpms/libwmf/FC-4
In directory cvs.devel.redhat.com:/tmp/cvs-serv4033
Modified Files:
libwmf.spec
Added Files:
libwmf-0.2.8.4-intoverflow.patch
Log Message:
CVE-2006-3376 libwmf integer overflow
libwmf-0.2.8.4-intoverflow.patch:
player.c | 11 +++++++++--
1 files changed, 9 insertions(+), 2 deletions(-)
--- NEW FILE libwmf-0.2.8.4-intoverflow.patch ---
--- libwmf-0.2.8.4.orig/src/player.c 2002-12-10 19:30:26.000000000 +0000
+++ libwmf-0.2.8.4/src/player.c 2006-07-12 15:12:52.000000000 +0100
@@ -42,6 +42,7 @@
#include "player/defaults.h" /* Provides: default settings */
#include "player/record.h" /* Provides: parameter mechanism */
#include "player/meta.h" /* Provides: record interpreters */
+#include <stdint.h>
/**
* @internal
@@ -132,8 +134,14 @@
}
}
-/* P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API)-3) * 2 * sizeof (unsigned char));
- */ P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API) ) * 2 * sizeof (unsigned char));
+ if (MAX_REC_SIZE(API) > SIZE_MAX / 2)
+ {
+ API->err = wmf_E_InsMem;
+ WMF_DEBUG (API,"bailing...");
+ return (API->err);
+ }
+
+ P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API) ) * 2);
if (ERR (API))
{ WMF_DEBUG (API,"bailing...");
Index: libwmf.spec
===================================================================
RCS file: /cvs/dist/rpms/libwmf/FC-4/libwmf.spec,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- libwmf.spec 2 Mar 2005 14:15:56 -0000 1.8
+++ libwmf.spec 12 Jul 2006 15:11:19 -0000 1.9
@@ -1,7 +1,7 @@
Summary: Windows Metafile Library
Name: libwmf
Version: 0.2.8.3
-Release: 8
+Release: 9
Group: System Environment/Libraries
License: LGPL
Source: http://prdownloads.sourceforge.net/wvware/%{name}-%{version}.tar.gz
@@ -10,6 +10,7 @@
Patch1: libwmf-0.2.8.3-relocatablefonts.patch
Patch2: libwmf-0.2.8.3-warnings.patch
Patch3: libwmf-0.2.8.3-noextras.patch
+Patch4: libwmf-0.2.8.4-intoverflow.patch
Requires: gtk2 >= 2.4.1-2
Requires: libxml2 >= 2.6.8
Requires: gd >= 2.0.21
@@ -43,6 +44,7 @@
%patch1 -p1 -b .relocatablefonts
%patch2 -p1 -b .warnings
%patch3 -p1 -b .noextras
+%patch4 -p1 -b .intoverflow
%build
rm configure.ac
@@ -99,6 +101,9 @@
rm -r $RPM_BUILD_ROOT
%changelog
+* Wed Jul 12 2006 Caolan McNamara <caolanm at redhat.com> 0.2.8.3-9
+- CVE-2006-3376 libwmf integer overflow
+
* Wed Mar 2 2005 Caolan McNamara <caolanm at redhat.com> 0.2.8.3-8
- rebuild with gcc4
More information about the fedora-cvs-commits
mailing list