diff options
author | Rodrigo Bezerra | 2019-01-05 13:39:27 -0300 |
---|---|---|
committer | Rodrigo Bezerra | 2019-01-05 13:39:27 -0300 |
commit | 479b27a34d314a5fb6070fe35adab7cce2ff77de (patch) | |
tree | f2cfd338bd899005a2c784888d24cd8a622a1658 /libwmf-0.2.8.4-CVE-2016-9011.patch | |
parent | 7c36cade40c53183d103edddcd9dbe93da999e6c (diff) | |
download | aur-479b27a34d314a5fb6070fe35adab7cce2ff77de.tar.gz |
Update to version 0.2.10
Diffstat (limited to 'libwmf-0.2.8.4-CVE-2016-9011.patch')
-rw-r--r-- | libwmf-0.2.8.4-CVE-2016-9011.patch | 36 |
1 files changed, 0 insertions, 36 deletions
diff --git a/libwmf-0.2.8.4-CVE-2016-9011.patch b/libwmf-0.2.8.4-CVE-2016-9011.patch deleted file mode 100644 index c6bd017c2f8f..000000000000 --- a/libwmf-0.2.8.4-CVE-2016-9011.patch +++ /dev/null @@ -1,36 +0,0 @@ ---- libwmf-0.2.8.4/src/player.c -+++ libwmf-0.2.8.4/src/player.c -@@ -139,8 +139,31 @@ - WMF_DEBUG (API,"bailing..."); - return (API->err); - } -- -- P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API) ) * 2 * sizeof (unsigned char)); -+ -+ U32 nMaxRecordSize = (MAX_REC_SIZE(API) ) * 2 * sizeof (unsigned char); -+ if (nMaxRecordSize) -+ { -+ //before allocating memory do a sanity check on size by seeking -+ //to claimed end to see if its possible. We're constrained here -+ //by the api and existing implementations to not simply seeking -+ //to SEEK_END. So use what we have to skip to the last byte and -+ //try and read it. -+ const long nPos = WMF_TELL (API); -+ WMF_SEEK (API, nPos + nMaxRecordSize - 1); -+ if (ERR (API)) -+ { WMF_DEBUG (API,"bailing..."); -+ return (API->err); -+ } -+ int byte = WMF_READ (API); -+ if (byte == (-1)) -+ { WMF_ERROR (API,"Unexpected EOF!"); -+ API->err = wmf_E_EOF; -+ return (API->err); -+ } -+ WMF_SEEK (API, nPos); -+ } -+ -+ P->Parameters = (unsigned char*) wmf_malloc (API, nMaxRecordSize); - - if (ERR (API)) - { WMF_DEBUG (API,"bailing..."); |