Annotation of /trunk/cups/patches/cups-1.2.12-CVE-2007-3387.patch
Parent Directory | Revision Log
Revision 288 -
(hide annotations)
(download)
Fri Aug 3 17:11:15 2007 UTC (17 years, 2 months ago) by niro
File size: 908 byte(s)
Fri Aug 3 17:11:15 2007 UTC (17 years, 2 months ago) by niro
File size: 908 byte(s)
-security update CVE-2007-3387
1 | niro | 288 | diff -Naur cups-1.2.12/pdftops/Stream.cxx cups-1.2.12-fixed/pdftops/Stream.cxx |
2 | --- cups-1.2.12/pdftops/Stream.cxx 2006-02-13 04:08:11.000000000 +0100 | ||
3 | +++ cups-1.2.12-fixed/pdftops/Stream.cxx 2007-08-03 19:10:02.000000000 +0200 | ||
4 | @@ -411,15 +411,13 @@ | ||
5 | ok = gFalse; | ||
6 | |||
7 | nVals = width * nComps; | ||
8 | - if (width <= 0 || nComps <= 0 || nBits <= 0 || | ||
9 | - nComps >= INT_MAX / nBits || | ||
10 | - width >= INT_MAX / nComps / nBits || | ||
11 | - nVals * nBits + 7 < 0) { | ||
12 | - return; | ||
13 | - } | ||
14 | pixBytes = (nComps * nBits + 7) >> 3; | ||
15 | rowBytes = ((nVals * nBits + 7) >> 3) + pixBytes; | ||
16 | - if (rowBytes <= 0) { | ||
17 | + if (width <= 0 || nComps <= 0 || nBits <= 0 || | ||
18 | + nComps > gfxColorMaxComps || | ||
19 | + nBits > 16 || | ||
20 | + width >= INT_MAX / nComps || // check for overflow in nVals | ||
21 | + nVals >= (INT_MAX - 7) / nBits) { // check for overflow in rowBytes | ||
22 | return; | ||
23 | } | ||
24 | predLine = (Guchar *)gmalloc(rowBytes); |