[gentoo-commits] gentoo-x86 commit in kde-base/okular/files: okular-4.4.5-overflow.patch - gentoo-commits

From:	"Andreas HAttel (dilfridge)" <dilfridge@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] gentoo-x86 commit in kde-base/okular/files: okular-4.4.5-overflow.patch
Date:	Thu, 30 Dec 2010 13:55:21
Message-Id:	`20101230135511.C614920057@flycatcher.gentoo.org`

1

dilfridge    10/12/30 13:55:11

2

3

  Added:                okular-4.4.5-overflow.patch

4

  Log:

5

  Add fix for Memory Corruption Vulnerability (CVE-2010-2575, bug 334469), straight to stable

6

7

  (Portage version: 2.1.9.26/cvs/Linux i686, RepoMan options: --force)

8

9

Revision  Changes    Path

10

1.1                  kde-base/okular/files/okular-4.4.5-overflow.patch

11

12

file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/kde-base/okular/files/okular-4.4.5-overflow.patch?rev=1.1&view=markup

13

plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/kde-base/okular/files/okular-4.4.5-overflow.patch?rev=1.1&content-type=text/plain

14

15

Index: okular-4.4.5-overflow.patch

16

===================================================================

17

Index: okular/generators/plucker/unpluck/image.cpp

18

===================================================================

19

--- okular/generators/plucker/unpluck/image.cpp	(Revision 1167825)

20

+++ okular/generators/plucker/unpluck/image.cpp	(Revision 1167826)

21

@@ -289,8 +289,23 @@

22

             for (j = 0; j < bytes_per_row;) {

23

                 incount = *palm_ptr++;

24

                 inval = *palm_ptr++;

25

-                memset (rowbuf + j, inval, incount);

26

-                j += incount;

27

+                if (incount + j <= bytes_per_row  * width)

28

+                {

29

+                    memset (rowbuf + j, inval, incount);

30

+                    j += incount;

31

+                }

32

+                else

33

+                {

34

+                    free (rowbuf);

35

+                    free (lastrow);

36

+                    free (jpeg_row);

37

+

38

+                    jpeg_destroy_compress (&cinfo);

39

+

40

+                    fclose( outfile );

41

+

42

+                    return false;

43

+                }

44

}

45

}

46

         else if ((flags & PALM_IS_COMPRESSED_FLAG)

1	dilfridge 10/12/30 13:55:11
2
3	Added: okular-4.4.5-overflow.patch
4	Log:
5	Add fix for Memory Corruption Vulnerability (CVE-2010-2575, bug 334469), straight to stable
6
7	(Portage version: 2.1.9.26/cvs/Linux i686, RepoMan options: --force)
8
9	Revision Changes Path
10	1.1 kde-base/okular/files/okular-4.4.5-overflow.patch
11
12	file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/kde-base/okular/files/okular-4.4.5-overflow.patch?rev=1.1&view=markup
13	plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/kde-base/okular/files/okular-4.4.5-overflow.patch?rev=1.1&content-type=text/plain
14
15	Index: okular-4.4.5-overflow.patch
16	===================================================================
17	Index: okular/generators/plucker/unpluck/image.cpp
18	===================================================================
19	--- okular/generators/plucker/unpluck/image.cpp (Revision 1167825)
20	+++ okular/generators/plucker/unpluck/image.cpp (Revision 1167826)
21	@@ -289,8 +289,23 @@
22	for (j = 0; j < bytes_per_row;) {
23	incount = *palm_ptr++;
24	inval = *palm_ptr++;
25	- memset (rowbuf + j, inval, incount);
26	- j += incount;
27	+ if (incount + j <= bytes_per_row * width)
28	+ {
29	+ memset (rowbuf + j, inval, incount);
30	+ j += incount;
31	+ }
32	+ else
33	+ {
34	+ free (rowbuf);
35	+ free (lastrow);
36	+ free (jpeg_row);
37	+
38	+ jpeg_destroy_compress (&cinfo);
39	+
40	+ fclose( outfile );
41	+
42	+ return false;
43	+ }
44	}
45	}
46	else if ((flags & PALM_IS_COMPRESSED_FLAG)

Gentoo Archives: gentoo-commits