ALT Linux Bugzilla
– Attachment 1880 Details for
Bug 11172
[security] CVE-2007-0653 and CVE-2007-0654 in xmms.
[patch]
Patch from Ubuntu package
bmp.c.diff (text/plain), 1.04 KB, created by
Igor Zubkov
on 2007-03-28 16:35:15 MSD
Description:
Patch from Ubuntu package
Filename:
MIME Type:
Creator:
Igor Zubkov
Created:
2007-03-28 16:35:15 MSD
Size:
1.04 KB
>--- xmms-1.2.10+cvs20060429.orig/xmms/bmp.c
>+++ xmms-1.2.10+cvs20060429/xmms/bmp.c
>@@ -19,6 +19,12 @@
> */
> #include "xmms.h"
>
>+#if HAVE_STDINT_H
>+#include <stdint.h>
>+#elif !defined(UINT32_MAX)
>+#define UINT32_MAX 0xffffffffU
>+#endif
>+
> typedef struct tagRGBQUAD
> {
> guchar rgbBlue;
>@@ -184,7 +190,7 @@
> }
> else if (bitcount != 24 && bitcount != 16 && bitcount != 32)
> {
>- gint ncols, i;
>+ guint32 ncols, i;
>
> ncols = offset - headSize - 14;
> if (headSize == 12)
>@@ -200,10 +206,18 @@
> }
> }
> fseek(file, offset, SEEK_SET);
>+ /* verify buffer size */
>+ if (!h || !w ||
>+ w > (((UINT32_MAX - 3) / 3) / h) ||
>+ h > (((UINT32_MAX - 3) / 3) / w)) {
>+ g_warning("read_bmp(): width(%u)*height(%u) too large", w, h);
>+ fclose(file);
>+ return NULL;
>+ }
>+ data = g_malloc0((w * 3 * h) + 3); /* +3 is just for safety */
> buffer = g_malloc(imgsize);
> fread(buffer, imgsize, 1, file);
> fclose(file);
>- data = g_malloc0((w * 3 * h) + 3); /* +3 is just for safety */
>
> if (bitcount == 1)
> read_1b_rgb(buffer, imgsize, data, w, h, rgb_quads);
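Review bot: The subtraction `ncols = offset - headSize - 14;` can still wrap when the file's data offset is smaller than the header size plus 14, and with `guint32` it now wraps to a very large value instead of going negative. Whether that is safe depends on the clamping done in the branches that start at `if (headSize == 12)`, which continue outside this hunk, so the intent deserves a comment or an explicit guard before the subtraction, e.g. `if (offset < headSize + 14) { fclose(file); return NULL; }`. The declarations of `offset` and `headSize` are not visible here, so confirm their types make that comparison unsigned.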
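Review bot: The dimension check protects the `data` allocation, but the read that follows it is still unchecked: `fread(buffer, imgsize, 1, file)` ignores its result and `buffer` comes from `g_malloc`, so a truncated file leaves decoders such as `read_1b_rgb` working on uninitialised heap bytes. Nothing in the hunk ties `imgsize` (set outside it) to `w`, `h` and `bitcount` either, so the fix appears to rely on the decoders' own bounds on `imgsize`. I would fail closed on a short read as below, assuming `imgsize` is never legitimately zero at this point. Separately, `%u` in the new `g_warning` is only correct if `w` and `h` are `unsigned int`-sized; their declarations are outside the hunk.

```c
buffer = g_malloc(imgsize);
if (fread(buffer, imgsize, 1, file) != 1) {
	g_warning("read_bmp(): short read of image data");
	g_free(buffer);
	g_free(data);
	fclose(file);
	return NULL;
}
fclose(file);
/* … unchanged: bitcount dispatch to the read_*_rgb decoders … */
```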
Attachments on
bug 11172
: 1880