openSUSE:Leap:42.3:Staging:A
File netpbm-CVE-2017-2587.patch of Package netpbm
Index: netpbm-10.66.3/converter/other/svgtopam.c =================================================================== --- netpbm-10.66.3.orig/converter/other/svgtopam.c 2017-06-12 10:22:24.288911304 +0200 +++ netpbm-10.66.3/converter/other/svgtopam.c 2017-06-12 10:22:14.080725423 +0200 @@ -679,12 +679,31 @@ stringToUint(const char * const string else { char * tailptr; + /* We can't use 'strtoull'. Contrary to expectations, though as + designed, it returns junk if there is a minus sign. + */ + + long longValue; + + longValue = strtol(string, &tailptr, 10); + + *uintP = strtoul(string, &tailptr, 10); if (*tailptr != '\0') pm_asprintf(errorP, "Non-numeric crap in string: '%s'", tailptr); - else - *errorP = NULL; + else { + if (longValue < 0) + pm_asprintf(errorP, "Number is negative"); + else { + if ((unsigned int)longValue != longValue) + pm_asprintf(errorP, "Number is too large for computation"); + else { + *uintP = (unsigned int)longValue; + *errorP = NULL; + } + } + } } }
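Review bot: The `*uintP = strtoul(string, &tailptr, 10);` call that still follows the new `longValue = strtol(string, &tailptr, 10);` should be dropped, because it writes the unvalidated result into `*uintP` before any of the new checks run. On the "Number is negative" and "Number is too large for computation" paths the function therefore returns with `*uintP` holding the wrapped value, so a caller that does not test `*errorP` sees the same number as before the patch; the second call also reassigns `tailptr` for no benefit. Separately, the `strtol` result is never checked for a range error: where `long` is 32 bits, an out-of-range input comes back as `LONG_MAX`, passes the `(unsigned int)longValue != longValue` test and is accepted silently. Setting `errno = 0` before the call and rejecting `ERANGE` closes that gap. The new comment argues against `strtoull`, while the call in this function is `strtoul`; the comment should name the function actually being replaced.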