diff options
Diffstat (limited to '')
-rw-r--r-- | source/l/libwmf/libwmf-0.2.8.4-CVE-2016-9011.patch | 36 |
1 files changed, 0 insertions, 36 deletions
diff --git a/source/l/libwmf/libwmf-0.2.8.4-CVE-2016-9011.patch b/source/l/libwmf/libwmf-0.2.8.4-CVE-2016-9011.patch deleted file mode 100644 index c6bd017c2..000000000 --- a/source/l/libwmf/libwmf-0.2.8.4-CVE-2016-9011.patch +++ /dev/null @@ -1,36 +0,0 @@ ---- libwmf-0.2.8.4/src/player.c -+++ libwmf-0.2.8.4/src/player.c -@@ -139,8 +139,31 @@ - WMF_DEBUG (API,"bailing..."); - return (API->err); - } -- -- P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API) ) * 2 * sizeof (unsigned char)); -+ -+ U32 nMaxRecordSize = (MAX_REC_SIZE(API) ) * 2 * sizeof (unsigned char); -+ if (nMaxRecordSize) -+ { -+ //before allocating memory do a sanity check on size by seeking -+ //to claimed end to see if its possible. We're constrained here -+ //by the api and existing implementations to not simply seeking -+ //to SEEK_END. So use what we have to skip to the last byte and -+ //try and read it. -+ const long nPos = WMF_TELL (API); -+ WMF_SEEK (API, nPos + nMaxRecordSize - 1); -+ if (ERR (API)) -+ { WMF_DEBUG (API,"bailing..."); -+ return (API->err); -+ } -+ int byte = WMF_READ (API); -+ if (byte == (-1)) -+ { WMF_ERROR (API,"Unexpected EOF!"); -+ API->err = wmf_E_EOF; -+ return (API->err); -+ } -+ WMF_SEEK (API, nPos); -+ } -+ -+ P->Parameters = (unsigned char*) wmf_malloc (API, nMaxRecordSize); - - if (ERR (API)) - { WMF_DEBUG (API,"bailing..."); |