summaryrefslogtreecommitdiffstats
path: root/source/l/libwmf/libwmf-0.2.8.4-CVE-2016-9011.patch
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--source/l/libwmf/libwmf-0.2.8.4-CVE-2016-9011.patch36
1 files changed, 0 insertions, 36 deletions
diff --git a/source/l/libwmf/libwmf-0.2.8.4-CVE-2016-9011.patch b/source/l/libwmf/libwmf-0.2.8.4-CVE-2016-9011.patch
deleted file mode 100644
index c6bd017c2..000000000
--- a/source/l/libwmf/libwmf-0.2.8.4-CVE-2016-9011.patch
+++ /dev/null
@@ -1,36 +0,0 @@
---- libwmf-0.2.8.4/src/player.c
-+++ libwmf-0.2.8.4/src/player.c
-@@ -139,8 +139,31 @@
- WMF_DEBUG (API,"bailing...");
- return (API->err);
- }
--
-- P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API) ) * 2 * sizeof (unsigned char));
-+
-+ U32 nMaxRecordSize = (MAX_REC_SIZE(API) ) * 2 * sizeof (unsigned char);
-+ if (nMaxRecordSize)
-+ {
-+ //before allocating memory do a sanity check on size by seeking
-+ //to claimed end to see if its possible. We're constrained here
-+ //by the api and existing implementations to not simply seeking
-+ //to SEEK_END. So use what we have to skip to the last byte and
-+ //try and read it.
-+ const long nPos = WMF_TELL (API);
-+ WMF_SEEK (API, nPos + nMaxRecordSize - 1);
-+ if (ERR (API))
-+ { WMF_DEBUG (API,"bailing...");
-+ return (API->err);
-+ }
-+ int byte = WMF_READ (API);
-+ if (byte == (-1))
-+ { WMF_ERROR (API,"Unexpected EOF!");
-+ API->err = wmf_E_EOF;
-+ return (API->err);
-+ }
-+ WMF_SEEK (API, nPos);
-+ }
-+
-+ P->Parameters = (unsigned char*) wmf_malloc (API, nMaxRecordSize);
-
- if (ERR (API))
- { WMF_DEBUG (API,"bailing...");