[Midnightbsd-cvs] mports [19263] trunk/graphics/libwmf/files: add cve patches

laffer1 at midnightbsd.org laffer1 at midnightbsd.org
Sat May 30 18:52:09 EDT 2015 

Revision: 19263
          http://svnweb.midnightbsd.org/mports/?rev=19263
Author:   laffer1
Date:     2015-05-30 18:52:09 -0400 (Sat, 30 May 2015)
Log Message:
-----------
add cve patches

Added Paths:
-----------
    trunk/graphics/libwmf/files/patch-cve-2006-3376
    trunk/graphics/libwmf/files/patch-cve-2009-1364

Added: trunk/graphics/libwmf/files/patch-cve-2006-3376
===================================================================
--- trunk/graphics/libwmf/files/patch-cve-2006-3376	                        (rev 0)
+++ trunk/graphics/libwmf/files/patch-cve-2006-3376	2015-05-30 22:52:09 UTC (rev 19263)
@@ -0,0 +1,27 @@
+--- src/player.c
++++ src/player.c
+@@ -23,6 +23,7 @@
+ 
+ #include <stdio.h>
+ #include <stdlib.h>
++#include <stdint.h>
+ #include <string.h>
+ #include <math.h>
+ 
+@@ -132,8 +133,14 @@
+ 		}
+ 	}
+ 
+-/*	P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API)-3) * 2 * sizeof (unsigned char));
+- */	P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API)  ) * 2 * sizeof (unsigned char));
++	if (MAX_REC_SIZE(API) > UINT32_MAX / 2)
++	{
++		API->err = wmf_E_InsMem;
++		WMF_DEBUG (API,"bailing...");
++		return (API->err);
++	}
++
++ 	P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API)  ) * 2 * sizeof (unsigned char));
+ 
+ 	if (ERR (API))
+ 	{	WMF_DEBUG (API,"bailing...");


Property changes on: trunk/graphics/libwmf/files/patch-cve-2006-3376
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Added: trunk/graphics/libwmf/files/patch-cve-2009-1364
===================================================================
--- trunk/graphics/libwmf/files/patch-cve-2009-1364	                        (rev 0)
+++ trunk/graphics/libwmf/files/patch-cve-2009-1364	2015-05-30 22:52:09 UTC (rev 19263)
@@ -0,0 +1,10 @@
+--- src/extra/gd/gd_clip.c
++++ src/extra/gd/gd_clip.c
+@@ -70,6 +70,7 @@
+ 	{	more = gdRealloc (im->clip->list,(im->clip->max + 8) * sizeof (gdClipRectangle));
+ 		if (more == 0) return;
+ 		im->clip->max += 8;
++		im->clip->list = more;
+ 	}
+ 	im->clip->list[im->clip->count] = (*rect);
+ 	im->clip->count++;


Property changes on: trunk/graphics/libwmf/files/patch-cve-2009-1364
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property

More information about the Midnightbsd-cvs mailing list