65d54af49f
* gnu/packages/patches/icu4c-CVE-2014-6585.patch, gnu/packages/patches/icu4c-CVE-2015-1270.patch: New files. * gnu-system.am (dist_patch_DATA): Add them. * gnu/packages/icu4c.scm (icu4c)[source]: Add patches.
22 lines
584 B
Diff
22 lines
584 B
Diff
Copied from Debian.
|
|
|
|
description: out-of-bounds read
|
|
origin: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-6585
|
|
|
|
--- a/source/layout/LETableReference.h
|
|
+++ b/source/layout/LETableReference.h
|
|
@@ -322,7 +322,12 @@ LE_TRACE_TR("INFO: new RTAO")
|
|
}
|
|
|
|
const T& operator()(le_uint32 i, LEErrorCode &success) const {
|
|
- return *getAlias(i,success);
|
|
+ const T *ret = getAlias(i,success);
|
|
+ if (LE_FAILURE(success) || ret==NULL) {
|
|
+ return *(new T());
|
|
+ } else {
|
|
+ return *ret;
|
|
+ }
|
|
}
|
|
|
|
size_t getOffsetFor(le_uint32 i, LEErrorCode &success) const {
|