summaryrefslogtreecommitdiff
path: root/patches/source/libwmf/libwmf-0.2.8.4-CVE-2016-9317.patch
diff options
context:
space:
mode:
Diffstat (limited to 'patches/source/libwmf/libwmf-0.2.8.4-CVE-2016-9317.patch')
-rw-r--r--patches/source/libwmf/libwmf-0.2.8.4-CVE-2016-9317.patch21
1 files changed, 21 insertions, 0 deletions
diff --git a/patches/source/libwmf/libwmf-0.2.8.4-CVE-2016-9317.patch b/patches/source/libwmf/libwmf-0.2.8.4-CVE-2016-9317.patch
new file mode 100644
index 00000000..cf57734e
--- /dev/null
+++ b/patches/source/libwmf/libwmf-0.2.8.4-CVE-2016-9317.patch
@@ -0,0 +1,21 @@
+--- libwmf-0.2.8.4/src/extra/gd/gd.c
++++ libwmf-0.2.8.4/src/extra/gd/gd.c
+@@ -65,6 +65,18 @@
+ {
+ int i;
+ gdImagePtr im;
++
++ if (overflow2(sx, sy)) {
++ return NULL;
++ }
++
++ if (overflow2(sizeof (unsigned char *), sy)) {
++ return NULL;
++ }
++ if (overflow2(sizeof (unsigned char), sx)) {
++ return NULL;
++ }
++
+ im = (gdImage *) gdMalloc (sizeof (gdImage));
+ memset (im, 0, sizeof (gdImage));
+ /* Row-major ever since gd 1.3 */
generated by cgit v1.2.3 (git 2.26.2) at 2024-11-01 02:34:01 +0000