21 lines
662 B
Plaintext
21 lines
662 B
Plaintext
$OpenBSD: patch-src_player_c,v 1.2 2008/05/20 07:23:29 jasper Exp $
|
|
|
|
Security fix for CVE-2006-3376. Diff from Ubuntu. (fixed by naddy@)
|
|
|
|
--- src/player.c.orig Tue Dec 10 20:30:26 2002
|
|
+++ src/player.c Tue May 20 09:19:22 2008
|
|
@@ -132,6 +132,13 @@ wmf_error_t wmf_scan (wmfAPI* API,unsigned long flags,
|
|
}
|
|
}
|
|
|
|
+ if (MAX_REC_SIZE(API) > SIZE_MAX / 2)
|
|
+ {
|
|
+ API->err = wmf_E_InsMem;
|
|
+ WMF_DEBUG (API,"bailing...");
|
|
+ return (API->err);
|
|
+ }
|
|
+
|
|
/* P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API)-3) * 2 * sizeof (unsigned char));
|
|
*/ P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API) ) * 2 * sizeof (unsigned char));
|
|
|