Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:12.2
gnash
gnash-CVE-2012-1175.diff
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File gnash-CVE-2012-1175.diff of Package gnash
From bb4dc77eecb6ed1b967e3ecbce3dac6c5e6f1527 Mon Sep 17 00:00:00 2001 From: Benjamin Wolsey <bwy@benjaminwolsey.de> Date: Sat, 10 Mar 2012 14:52:50 +0000 Subject: Fix crash in GnashImage.cpp --- --- libbase/GnashImage.cpp | 23 +++++++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) --- a/libbase/GnashImage.cpp +++ b/libbase/GnashImage.cpp @@ -24,6 +24,7 @@ #include <memory> // for auto_ptr #include <boost/scoped_array.hpp> #include <boost/shared_ptr.hpp> +#include <cassert> #include "FileTypes.h" #include "GnashImage.h" @@ -42,6 +43,21 @@ namespace gnash namespace { void processAlpha(GnashImage::iterator imageData, size_t pixels); + bool checkValidSize(size_t width, size_t height, size_t channels) { + + if (width == 0 || height == 0) return false; + + assert(channels > 0); + + boost::uint32_t maxSize = std::numeric_limits<boost::int32_t>::max(); + if (width >= maxSize || height >= maxSize) return false; + + maxSize /= channels; + maxSize /= width; + maxSize /= height; + + return maxSize > 0; + } } GnashImage::GnashImage(iterator data, size_t width, size_t height, @@ -53,6 +69,8 @@ GnashImage::GnashImage(iterator data, si _height(height), _data(data) { + // Callers should check dimensions + assert(checkValidSize(_width, _height, channels())); } /// Create an image allocating a buffer of height*pitch bytes @@ -64,8 +82,9 @@ GnashImage::GnashImage(size_t width, siz _width(width), _height(height) { - const size_t max = std::numeric_limits<boost::int32_t>::max(); - if (size() > max) { + // Constructed from external input, so restrict dimensions to avoid + // overflow in size calculations + if (!checkValidSize(_width, _height, channels())) { throw std::bad_alloc(); } _data.reset(new value_type[size()]);
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor