mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-07-16 04:17:25 +00:00
libwmf: patch CVE-2016-9011
Details: https://nvd.nist.gov/vuln/detail/CVE-2016-9011 Pick the patch that explicitly mentions the vulnerability ID. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
This commit is contained in:
committed by
Anuj Mittal
parent
41d4d6c022
commit
2d31b3897f
@@ -0,0 +1,50 @@
|
|||||||
|
From 245ec5c80d8d9964d150507f5583ab890a327fe8 Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com>
|
||||||
|
Date: Wed, 8 Aug 2018 14:01:34 +0100
|
||||||
|
Subject: [PATCH] CVE-2016-9011
|
||||||
|
|
||||||
|
CVE: CVE-2016-9011
|
||||||
|
Upstream-Status: Backport [https://github.com/caolanm/libwmf/commit/2208b4881ceb8056480735dc330cfd52be03893e]
|
||||||
|
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
|
||||||
|
---
|
||||||
|
src/player.c | 27 +++++++++++++++++++++++++--
|
||||||
|
1 file changed, 25 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/player.c b/src/player.c
|
||||||
|
index cd87cb5..628cdcb 100644
|
||||||
|
--- a/src/player.c
|
||||||
|
+++ b/src/player.c
|
||||||
|
@@ -139,8 +139,31 @@ wmf_error_t wmf_scan (wmfAPI* API,unsigned long flags,wmfD_Rect* d_r)
|
||||||
|
WMF_DEBUG (API,"bailing...");
|
||||||
|
return (API->err);
|
||||||
|
}
|
||||||
|
-
|
||||||
|
- P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API) ) * 2 * sizeof (unsigned char));
|
||||||
|
+
|
||||||
|
+ U32 nMaxRecordSize = (MAX_REC_SIZE(API) ) * 2 * sizeof (unsigned char);
|
||||||
|
+ if (nMaxRecordSize)
|
||||||
|
+ {
|
||||||
|
+ //before allocating memory do a sanity check on size by seeking
|
||||||
|
+ //to claimed end to see if its possible. We're constrained here
|
||||||
|
+ //by the api and existing implementations to not simply seeking
|
||||||
|
+ //to SEEK_END. So use what we have to skip to the last byte and
|
||||||
|
+ //try and read it.
|
||||||
|
+ const long nPos = WMF_TELL (API);
|
||||||
|
+ WMF_SEEK (API, nPos + nMaxRecordSize - 1);
|
||||||
|
+ if (ERR (API))
|
||||||
|
+ { WMF_DEBUG (API,"bailing...");
|
||||||
|
+ return (API->err);
|
||||||
|
+ }
|
||||||
|
+ int byte = WMF_READ (API);
|
||||||
|
+ if (byte == (-1))
|
||||||
|
+ { WMF_ERROR (API,"Unexpected EOF!");
|
||||||
|
+ API->err = wmf_E_EOF;
|
||||||
|
+ return (API->err);
|
||||||
|
+ }
|
||||||
|
+ WMF_SEEK (API, nPos);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ P->Parameters = (unsigned char*) wmf_malloc (API, nMaxRecordSize);
|
||||||
|
|
||||||
|
if (ERR (API))
|
||||||
|
{ WMF_DEBUG (API,"bailing...");
|
||||||
@@ -22,6 +22,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/wvware/${BPN}/${PV}/${BPN}-${PV}.tar.gz;name=ta
|
|||||||
file://CVE-2015-0848-CVE-2015-4588.patch \
|
file://CVE-2015-0848-CVE-2015-4588.patch \
|
||||||
file://CVE-2015-4695.patch \
|
file://CVE-2015-4695.patch \
|
||||||
file://CVE-2015-4696.patch \
|
file://CVE-2015-4696.patch \
|
||||||
|
file://CVE-2016-9011.patch \
|
||||||
"
|
"
|
||||||
|
|
||||||
SRC_URI[tarball.md5sum] = "d1177739bf1ceb07f57421f0cee191e0"
|
SRC_URI[tarball.md5sum] = "d1177739bf1ceb07f57421f0cee191e0"
|
||||||
|
|||||||
Reference in New Issue
Block a user