Bugzilla – Attachment 60190 Details for
Bug 137156
VUL-0: CVE-2005-3193: xpdf: overflows
[patch]
goo's gmallocn integer overflow fix
goo-overflow-fix.diff (text/plain), 774 bytes, created by
Dirk Mueller
on 2005-12-09 12:48:29 UTC
>--- goo/gmem.c (revision 486338) >+++ goo/gmem.c (working copy) >@@ -11,6 +11,7 @@ > #include <stdlib.h> > #include <stddef.h> > #include <string.h> >+#include <limits.h> > #include "gmem.h" > > #ifdef DEBUG_MEM >@@ -141,7 +142,7 @@ void *gmallocn(int nObjs, int objSize) { > int n; > > n = nObjs * objSize; >- if (objSize == 0 || n / objSize != nObjs) { >+ if (objSize <= 0 || nObjs < 0 || nObjs >= INT_MAX / objSize) { > fprintf(stderr, "Bogus memory allocation size\n"); > exit(1); > } >@@ -152,7 +153,7 @@ void *greallocn(void *p, int nObjs, int > int n; > > n = nObjs * objSize; >- if (objSize == 0 || n / objSize != nObjs) { >+ if (objSize <= 0 || nObjs < 0 || nObjs >= INT_MAX / objSize) { > fprintf(stderr, "Bogus memory allocation size\n"); > exit(1); > }
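Review bot: in the gmallocn hunk, `n = nObjs * objSize;` still runs before the new range check, so the signed multiplication can overflow (undefined behaviour in C) before the arguments are rejected. Move the assignment below the `if`, so the product is computed only once `nObjs < INT_MAX / objSize` is known to hold. The `>=` comparison also rejects nObjs == INT_MAX / objSize, whose product still fits in an int; that is conservative rather than wrong, but a short comment saying so would help.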
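Review bot: the greallocn hunk repeats the gmallocn condition verbatim and keeps the same ordering, with `n = nObjs * objSize;` evaluated ahead of the check. Factor the test into one shared helper that validates nObjs and objSize and returns the product, so the two functions cannot drift apart in a later change. The "Bogus memory allocation size" message would also be easier to triage if it printed the rejected values.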