From: | "Andreas HAttel (dilfridge)" <dilfridge@g.o> |
---|---|
To: | gentoo-commits@l.g.o |
Subject: | [gentoo-commits] gentoo-x86 commit in kde-base/okular/files: okular-4.4.5-overflow.patch |
Date: | Thu, 30 Dec 2010 13:55:21 |
Message-Id: | 20101230135511.C614920057@flycatcher.gentoo.org |
1 | dilfridge 10/12/30 13:55:11 |
2 | |
3 | Added: okular-4.4.5-overflow.patch |
4 | Log: |
5 | Add fix for Memory Corruption Vulnerability (CVE-2010-2575, bug 334469), straight to stable |
6 | |
7 | (Portage version: 2.1.9.26/cvs/Linux i686, RepoMan options: --force) |
8 | |
9 | Revision Changes Path |
10 | 1.1 kde-base/okular/files/okular-4.4.5-overflow.patch |
11 | |
12 | file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/kde-base/okular/files/okular-4.4.5-overflow.patch?rev=1.1&view=markup |
13 | plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/kde-base/okular/files/okular-4.4.5-overflow.patch?rev=1.1&content-type=text/plain |
14 | |
15 | Index: okular-4.4.5-overflow.patch |
16 | =================================================================== |
17 | Index: okular/generators/plucker/unpluck/image.cpp |
18 | =================================================================== |
19 | --- okular/generators/plucker/unpluck/image.cpp (Revision 1167825) |
20 | +++ okular/generators/plucker/unpluck/image.cpp (Revision 1167826) |
21 | @@ -289,8 +289,23 @@ |
22 | for (j = 0; j < bytes_per_row;) { |
23 | incount = *palm_ptr++; |
24 | inval = *palm_ptr++; |
25 | - memset (rowbuf + j, inval, incount); |
26 | - j += incount; |
27 | + if (incount + j <= bytes_per_row * width) |
28 | + { |
29 | + memset (rowbuf + j, inval, incount); |
30 | + j += incount; |
31 | + } |
32 | + else |
33 | + { |
34 | + free (rowbuf); |
35 | + free (lastrow); |
36 | + free (jpeg_row); |
37 | + |
38 | + jpeg_destroy_compress (&cinfo); |
39 | + |
40 | + fclose( outfile ); |
41 | + |
42 | + return false; |
43 | + } |
44 | } |
45 | } |
46 | else if ((flags & PALM_IS_COMPRESSED_FLAG) |