[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[Bug 509531] CVE-2009-2295 ocaml-camlimages: PNG reader multiple integer overflows (oCERT-2009-009)



Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.


https://bugzilla.redhat.com/show_bug.cgi?id=509531





--- Comment #4 from Richard W.M. Jones <rjones redhat com>  2009-07-03 09:31:00 EDT ---
Created an attachment (id=350433)
 --> (https://bugzilla.redhat.com/attachment.cgi?id=350433)
camlimages-oversized-png-check.patch

This is a potential fix which checks whether the
numbers we are about to multiply together could
provoke an arithmetic overflow (or are negative,
which would be equally bogus).

It solves the test case that I was given privately.

Note that in any case the bug only manifests on 32 bit
architectures.  On 64 bit, the multiply does not
overflow, but unless you have loads of free memory
you will shortly afterwards get a (safe) Out_of_memory
exception.

-- 
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]