f79a576e77
* gnu/packages/patches/jasper-CVE-2008-3522.patch: New file. * gnu/packages/image.scm (jasper)[source]: Use it. * gnu-system.am (dist_patch_DATA): Add it.
15 lines
539 B
Diff
15 lines
539 B
Diff
Fix CVE-2008-3522 (buffer overflow in 'jas_stream_printf').
|
|
Patch from <https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3522>.
|
|
|
|
--- jasper-1.900.1/src/libjasper/base/jas_stream.c 2008-09-08 14:56:01.000000000 +0200
|
|
+++ jasper-1.900.1/src/libjasper/base/jas_stream.c 2008-09-08 14:58:16.000000000 +0200
|
|
@@ -553,7 +553,7 @@ int jas_stream_printf(jas_stream_t *stre
|
|
int ret;
|
|
|
|
va_start(ap, fmt);
|
|
- ret = vsprintf(buf, fmt, ap);
|
|
+ ret = vsnprintf(buf, sizeof buf, fmt, ap);
|
|
jas_stream_puts(stream, buf);
|
|
va_end(ap);
|
|
return ret;
|