mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-14 05:49:57 +00:00
Code Issues Projects Releases Wiki Activity

libwmf: patch CVE-2016-9011

Browse Source 
Details: https://nvd.nist.gov/vuln/detail/CVE-2016-9011

Pick the patch that explicitly mentions the vulnerability ID.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
This commit is contained in:
Gyorgy Sarvari
2025-11-18 11:31:28 +01:00
committed by Anuj Mittal
parent 41d4d6c022
commit 2d31b3897f
2 changed files with 51 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-oe/recipes-extended/libwmf/libwmf/CVE-2016-9011.patch
+50
View File
@@ -0,0 +1,50 @@
From 245ec5c80d8d9964d150507f5583ab890a327fe8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com>
Date: Wed, 8 Aug 2018 14:01:34 +0100
Subject: [PATCH] CVE-2016-9011
CVE: CVE-2016-9011
Upstream-Status: Backport [https://github.com/caolanm/libwmf/commit/2208b4881ceb8056480735dc330cfd52be03893e]
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
src/player.c | 27 +++++++++++++++++++++++++--
1 file changed, 25 insertions(+), 2 deletions(-)
diff --git a/src/player.c b/src/player.c
index cd87cb5..628cdcb 100644
--- a/src/player.c
+++ b/src/player.c
@@ -139,8 +139,31 @@ wmf_error_t wmf_scan (wmfAPI* API,unsigned long flags,wmfD_Rect* d_r)
WMF_DEBUG (API,"bailing...");
return (API->err);
}
-
- P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API) ) * 2 * sizeof (unsigned char));
+
+ U32 nMaxRecordSize = (MAX_REC_SIZE(API) ) * 2 * sizeof (unsigned char);
+ if (nMaxRecordSize)
+ {
+ //before allocating memory do a sanity check on size by seeking
+ //to claimed end to see if its possible. We're constrained here
+ //by the api and existing implementations to not simply seeking
+ //to SEEK_END. So use what we have to skip to the last byte and
+ //try and read it.
+ const long nPos = WMF_TELL (API);
+ WMF_SEEK (API, nPos + nMaxRecordSize - 1);
+ if (ERR (API))
+ { WMF_DEBUG (API,"bailing...");
+ return (API->err);
+ }
+ int byte = WMF_READ (API);
+ if (byte == (-1))
+ { WMF_ERROR (API,"Unexpected EOF!");
+ API->err = wmf_E_EOF;
+ return (API->err);
+ }
+ WMF_SEEK (API, nPos);
+ }
+
+ P->Parameters = (unsigned char*) wmf_malloc (API, nMaxRecordSize);
if (ERR (API))
{ WMF_DEBUG (API,"bailing...");
meta-oe/recipes-extended/libwmf/libwmf_0.2.8.4.bb
+1
View File
@@ -22,6 +22,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/wvware/${BPN}/${PV}/${BPN}-${PV}.tar.gz;name=ta
file://CVE-2015-0848-CVE-2015-4588.patch \
file://CVE-2015-4695.patch \
file://CVE-2015-4696.patch \
file://CVE-2016-9011.patch \
"
SRC_URI[tarball.md5sum] = "d1177739bf1ceb07f57421f0cee191e0"