diff options
Diffstat (limited to 'user/atril/CVE-2019-1010006.patch')
-rw-r--r-- | user/atril/CVE-2019-1010006.patch | 54 |
1 files changed, 0 insertions, 54 deletions
diff --git a/user/atril/CVE-2019-1010006.patch b/user/atril/CVE-2019-1010006.patch deleted file mode 100644 index 913e40312..000000000 --- a/user/atril/CVE-2019-1010006.patch +++ /dev/null @@ -1,54 +0,0 @@ -From aa8c51c24a3d716986ace9a4104a9632436ccff5 Mon Sep 17 00:00:00 2001 -From: lukefromdc <lukefromdc@hushmail.com> -Date: Sat, 27 Jul 2019 15:07:13 -0400 -Subject: [PATCH] Fix buffer overflow in backend/tiff-document.c - - Apply https://gitlab.gnome.org/GNOME/evince/commit/e02fe9170ad0ac2fd46c75329c4f1d4502d4a362 ---- - backend/tiff/tiff-document.c | 17 ++++++++++------- - 1 file changed, 10 insertions(+), 7 deletions(-) - -diff --git a/backend/tiff/tiff-document.c b/backend/tiff/tiff-document.c -index 0aa31cb6..94adc400 100644 ---- a/backend/tiff/tiff-document.c -+++ b/backend/tiff/tiff-document.c -@@ -268,13 +268,14 @@ tiff_document_render (EvDocument *document, - return NULL; - } - -- bytes = height * rowstride; -- if (bytes / rowstride != height) { -+ if (height >= INT_MAX / rowstride) { - g_warning("Overflow while rendering document."); - /* overflow */ - return NULL; - } - -+ bytes = height * rowstride; -+ - pixels = g_try_malloc (bytes); - if (!pixels) { - g_warning("Failed to allocate memory for rendering."); -@@ -356,15 +357,17 @@ tiff_document_render_pixbuf (EvDocument *document, - if (width <= 0 || height <= 0) - return NULL; - -- rowstride = width * 4; -- if (rowstride / 4 != width) -+ if (width >= INT_MAX / 4) - /* overflow */ - return NULL; - -- bytes = height * rowstride; -- if (bytes / rowstride != height) -+ rowstride = width * 4; -+ -+ if (height >= INT_MAX / rowstride) - /* overflow */ -- return NULL; -+ return NULL; -+ -+ bytes = height * rowstride; - - pixels = g_try_malloc (bytes); - if (!pixels) |