- Fix buffer overflow vulnerability.
- Bump PORTREVISION

Approved by: simon (secteam)
Security: http://www.vuxml.org/freebsd/0e43a14d-3f3f-11dc-a79a-0016179b2dd5.html
parent
8f6f0ed784
commit
c4c6d40438
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=196823
@ -7,7 +7,7 @@
PORTNAME= cups
PORTVERSION= 1.2.11
PORTREVISION= 2
PORTREVISION= 3
DISTVERSIONSUFFIX= -source
CATEGORIES= print
MASTER_SITES= EASYSW/${PORTNAME}/${DISTVERSION}
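--- a/print/cups-base/files/patch-CVE-2007-3387
+++ b/print/cups-base/files/patch-CVE-2007-3387
@@ -0,0 +1,23 @@
+--- pdftops/Stream.cxx.orig 2006-02-13 04:08:11.000000000 +0100
++++ pdftops/Stream.cxx 2007-07-31 15:05:53.000000000 +0200
+@@ -411,15 +411,13 @@
+ok = gFalse;
+
+nVals = width * nComps;
+- if (width <= 0 || nComps <= 0 || nBits <= 0 ||
+- nComps >= INT_MAX / nBits ||
+- width >= INT_MAX / nComps / nBits ||
+- nVals * nBits + 7 < 0) {
+- return;
+- }
+pixBytes = (nComps * nBits + 7) >> 3;
+rowBytes = ((nVals * nBits + 7) >> 3) + pixBytes;
+- if (rowBytes <= 0) {
++ if (width <= 0 || nComps <= 0 || nBits <= 0 ||
++ nComps > gfxColorMaxComps ||
++ nBits > 16 ||
++ width >= INT_MAX / nComps || // check for overflow in nVals
++ nVals >= (INT_MAX - 7) / nBits) { // check for overflow in rowBytes
+return;
+}
+predLine = (Guchar *)gmalloc(rowBytes);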
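Review bot: In the embedded Stream.cxx hunk, `nVals = width * nComps;` and the `pixBytes`/`rowBytes` assignments still run before the new range checks, so out-of-range predictor parameters (presumably taken from the document being converted) can overflow signed `int` arithmetic, which is undefined behaviour, before the function returns. Short-circuit order keeps the checks from reading an overflowed `nVals`, but validating first is safer: test `width`, `nComps`, `nBits` and `width >= INT_MAX / nComps`, then assign `nVals`, test `nVals >= (INT_MAX - 7) / nBits`, and only then compute `pixBytes` and `rowBytes`. A comment such as `// nComps <= gfxColorMaxComps and nBits <= 16 bound pixBytes, so rowBytes cannot overflow` would also record why the old `rowBytes <= 0` test could be dropped. The enclosing function starts and ends outside the hunk, so how callers react to the early `return` with `ok` left at `gFalse` is not visible here.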