Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:42.3:Rings:1-MinimalX
netpbm
netpbm-CVE-2017-2587.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File netpbm-CVE-2017-2587.patch of Package netpbm
Index: netpbm-10.66.3/converter/other/svgtopam.c =================================================================== --- netpbm-10.66.3.orig/converter/other/svgtopam.c 2017-06-12 10:22:24.288911304 +0200 +++ netpbm-10.66.3/converter/other/svgtopam.c 2017-06-12 10:22:14.080725423 +0200 @@ -679,12 +679,31 @@ stringToUint(const char * const string else { char * tailptr; + /* We can't use 'strtoull'. Contrary to expectations, though as + designed, it returns junk if there is a minus sign. + */ + + long longValue; + + longValue = strtol(string, &tailptr, 10); + + *uintP = strtoul(string, &tailptr, 10); if (*tailptr != '\0') pm_asprintf(errorP, "Non-numeric crap in string: '%s'", tailptr); - else - *errorP = NULL; + else { + if (longValue < 0) + pm_asprintf(errorP, "Number is negative"); + else { + if ((unsigned int)longValue != longValue) + pm_asprintf(errorP, "Number is too large for computation"); + else { + *uintP = (unsigned int)longValue; + *errorP = NULL; + } + } + } } }
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor