SUSE:SLE-12-SP2:Update
File gdk-pixbuf-cve-2017-6314-tiff-infinite-loop.patch of Package gdk-pixbuf.7709
From 1e513abdb55529f888233d3c96b27352d83aad5f Mon Sep 17 00:00:00 2001 From: Bastien Nocera <hadess@hadess.net> Date: Tue, 5 Dec 2017 10:26:49 +0100 Subject: [PATCH] tiff: Avoid overflowing buffer size computation Use g_uint_checked_mul() to avoid overflowing the guint used for buffer size calculation. https://bugzilla.gnome.org/show_bug.cgi?id=779020 --- gdk-pixbuf/io-tiff.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/gdk-pixbuf/io-tiff.c b/gdk-pixbuf/io-tiff.c index 7ca0a565a..49fe60eee 100644 --- a/gdk-pixbuf/io-tiff.c +++ b/gdk-pixbuf/io-tiff.c @@ -529,8 +529,15 @@ make_available_at_least (TiffContext *context, guint needed) need_alloc = context->used + needed; if (need_alloc > context->allocated) { guint new_size = 1; - while (new_size < need_alloc) - new_size *= 2; + while (new_size < need_alloc) { + if (!g_uint_checked_mul (&new_size, new_size, 2)) { + new_size = 0; + break; + } + } + + if (new_size == 0) + return FALSE; new_buffer = g_try_realloc (context->buffer, new_size); if (new_buffer) { -- 2.15.1
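Review bot: the context line `need_alloc = context->used + needed;` at the top of the io-tiff.c hunk is still an unchecked guint addition. If that sum wraps, need_alloc comes out small, the `need_alloc > context->allocated` test can be false, and the grow path, including the new overflow check, is skipped. Consider guarding the addition with g_uint_checked_add() and returning FALSE on overflow, the same way the doubling is now guarded with g_uint_checked_mul(). A smaller style point in the new loop: setting `new_size = 0`, breaking, and then testing `if (new_size == 0)` could be a direct `return FALSE;` inside the loop, since nothing between the loop and the test in the visible lines needs to run first. It would also help the commit message to say that the old `new_size *= 2` loop never terminated once new_size wrapped to 0, because the patch file name refers to an infinite loop while the message only mentions the size computation overflowing.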