73a9fe0066
Cox. While these programs are not installed suid root, they are often used to prepare data for processing. These errors may permit remote attackers to cause a denial of service or execute arbitrary code in any programs or scripts that use these graphics conversion tools. http://marc.theaimsgroup.com/?l=bugtraq&m=104644687816522&w=2
25 lines
757 B
Plaintext
25 lines
757 B
Plaintext
$OpenBSD: patch-pbm_icontopbm_c,v 1.1 2003/03/29 04:13:54 brad Exp $
|
|
--- pbm/icontopbm.c.orig Mon Oct 4 05:10:28 1993
|
|
+++ pbm/icontopbm.c Fri Mar 28 20:22:06 2003
|
|
@@ -10,6 +10,8 @@
|
|
** implied warranty.
|
|
*/
|
|
|
|
+#include <string.h>
|
|
+#include <limits.h>
|
|
#include "pbm.h"
|
|
|
|
static void ReadIconFile ARGS(( FILE* file, int* width, int* height, short** data ));
|
|
@@ -137,6 +139,11 @@ ReadIconFile( file, width, height, data
|
|
if ( *height <= 0 )
|
|
pm_error( "invalid height: %d", *height );
|
|
|
|
+ if ( *width > INT_MAX - 16 || *width < 0)
|
|
+ pm_error( "invalid width: %d", *width);
|
|
+
|
|
+ overflow2(*width + 16, *height);
|
|
+
|
|
data_length = BitmapSize( *width, *height );
|
|
*data = (short*) malloc( data_length );
|
|
if ( *data == NULL )
|