cpet/openbsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
8f74a67bd1
openbsd-ports/graphics/netpbm/patches/patch-pbm_thinkjettopbm_l
brad 73a9fe0066 Several math overflow errors were found in NetPBM by Al Viro and Alan 
Cox.  While these programs are not installed suid root, they are often
used to prepare data for processing.  These errors may permit remote
attackers to cause a denial of service or execute arbitrary code in
any programs or scripts that use these graphics conversion tools.

http://marc.theaimsgroup.com/?l=bugtraq&m=104644687816522&w=2
2003-03-29 04:13:54 +00:00

23 lines
936 B
Plaintext
Raw Blame History

$OpenBSD: patch-pbm_thinkjettopbm_l,v 1.1 2003/03/29 04:13:54 brad Exp $
--- pbm/thinkjettopbm.l.orig Fri Jan 4 10:12:53 2002
+++ pbm/thinkjettopbm.l Fri Mar 28 20:22:07 2003
@@ -71,7 +71,9 @@ DIG [0-9]
<RASTERMODE>\033\*b{DIG}+W {
int l;
if (rowCount >= rowCapacity) {
+ overflow_add(rowCapacity, 100);
rowCapacity += 100;
+ overflow2(rowCapacity, sizeof *rows);
rows = realloc (rows, rowCapacity * sizeof *rows);
if (rows == NULL)
pm_error ("Out of memory.");
@@ -163,6 +165,8 @@ int yywrap (void)
/*
* Quite simple since ThinkJet bit arrangement matches PBM
*/
+
+ overflow2(maxRowLength, 8);
pbm_writepbminit(stdout, maxRowLength*8, rowCount, 0);
packed_bitrow = malloc(maxRowLength);
Reference in New Issue View Git Blame Copy Permalink