From 1b08dc2917b5d5972a3f87be3e9b76a4f3398d8d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Hubert=20Figui=C3=A8re?= <hub@figuiere.net>
Date: Mon, 14 Aug 2017 23:57:51 -0400
Subject: [PATCH 1/5] Bug 102151 - RIFF: fix an infinite loop cause by an
 overflow
---
 source/XMPFiles/FormatSupport/RIFF.cpp | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/source/XMPFiles/FormatSupport/RIFF.cpp b/source/XMPFiles/FormatSupport/RIFF.cpp
a3db16
index 3992edd..00f67e5 100644
a3db16
--- a/source/XMPFiles/FormatSupport/RIFF.cpp
a3db16
+++ b/source/XMPFiles/FormatSupport/RIFF.cpp
a3db16
@@ -155,7 +155,8 @@ Chunk::Chunk( ContainerChunk* parent, RIFF_MetaHandler* handler, bool skip, Chun
a3db16
 
a3db16
 	this->oldPos = LFA_Tell( file );
a3db16
 	this->id = LFA_ReadUns32_LE( file );
a3db16
-	this->oldSize = LFA_ReadUns32_LE( file ) + 8;
a3db16
+	this->oldSize = LFA_ReadUns32_LE( file );
a3db16
+	this->oldSize += 8;
a3db16
 
a3db16
 	// Make sure the size is within expected bounds.
a3db16
 	XMP_Int64 chunkEnd = this->oldPos + this->oldSize;
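Review bot: The split assignment to `this->oldSize` carries no comment saying why the `+ 8` must not be folded back into the read, so a later cleanup could reintroduce the 32-bit wrap that this commit removes. The fix works only if `oldSize` is wider than 32 bits, which is presumably the case (the next line stores the sum in an `XMP_Int64`) but is not visible in this hunk. I would add above the two lines something like `// Add the 8-byte header in oldSize's width: done in 32 bits, a size field near 0xFFFFFFFF wraps and defeats the bounds check below.` Writing it as a single statement with an explicit widening, `this->oldSize = static_cast<XMP_Int64>( LFA_ReadUns32_LE( file ) ) + 8;`, would make the intent visible in the code itself, assuming that is the member's type. The constructor's body begins and ends outside the hunk, so the bounds check that consumes `chunkEnd` could not be reviewed here.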
-- 
2.17.2