diff options
Diffstat (limited to 'nixpkgs/pkgs/development/libraries/libwmf/CVE-2006-3376.patch')
| -rw-r--r-- | nixpkgs/pkgs/development/libraries/libwmf/CVE-2006-3376.patch | 28 |
1 files changed, 0 insertions, 28 deletions
diff --git a/nixpkgs/pkgs/development/libraries/libwmf/CVE-2006-3376.patch b/nixpkgs/pkgs/development/libraries/libwmf/CVE-2006-3376.patch deleted file mode 100644 index 4c7519d9c101..000000000000 --- a/nixpkgs/pkgs/development/libraries/libwmf/CVE-2006-3376.patch +++ /dev/null @@ -1,28 +0,0 @@ ---- libwmf-0.2.8.4.orig/src/player.c -+++ libwmf-0.2.8.4/src/player.c -@@ -23,6 +23,7 @@ - - #include <stdio.h> - #include <stdlib.h> -+#include <stdint.h> - #include <string.h> - #include <math.h> - -@@ -132,8 +133,14 @@ - } - } - --/* P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API)-3) * 2 * sizeof (unsigned char)); -- */ P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API) ) * 2 * sizeof (unsigned char)); -+ if (MAX_REC_SIZE(API) > UINT32_MAX / 2) -+ { -+ API->err = wmf_E_InsMem; -+ WMF_DEBUG (API,"bailing..."); -+ return (API->err); -+ } -+ -+ P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API) ) * 2 * sizeof (unsigned char)); - - if (ERR (API)) - { WMF_DEBUG (API,"bailing..."); - |