summaryrefslogtreecommitdiffstats
path: root/contrib/packages/rpm/el5/SOURCES/CVE-2015-1802.diff
diff options
context:
space:
mode:
Diffstat (limited to 'contrib/packages/rpm/el5/SOURCES/CVE-2015-1802.diff')
-rw-r--r--contrib/packages/rpm/el5/SOURCES/CVE-2015-1802.diff30
1 files changed, 0 insertions, 30 deletions
diff --git a/contrib/packages/rpm/el5/SOURCES/CVE-2015-1802.diff b/contrib/packages/rpm/el5/SOURCES/CVE-2015-1802.diff
deleted file mode 100644
index 1d873336..00000000
--- a/contrib/packages/rpm/el5/SOURCES/CVE-2015-1802.diff
+++ /dev/null
@@ -1,30 +0,0 @@
-From 2deda9906480f9c8ae07b8c2a5510cc7e4c59a8e Mon Sep 17 00:00:00 2001
-From: Alan Coopersmith <alan.coopersmith@oracle.com>
-Date: Fri, 6 Feb 2015 15:50:45 -0800
-Subject: bdfReadProperties: property count needs range check [CVE-2015-1802]
-
-Avoid integer overflow or underflow when allocating memory arrays
-by multiplying the number of properties reported for a BDF font.
-
-Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
-Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
-Reviewed-by: Julien Cristau <jcristau@debian.org>
-
-diff --git a/src/bitmap/bdfread.c b/src/bitmap/bdfread.c
-index 914a024..6387908 100644
---- a/src/bitmap/bdfread.c
-+++ b/src/bitmap/bdfread.c
-@@ -604,7 +604,9 @@ bdfReadProperties(FontFilePtr file, FontPtr pFont, bdfFileState *pState)
- bdfError("missing 'STARTPROPERTIES'\n");
- return (FALSE);
- }
-- if (sscanf((char *) line, "STARTPROPERTIES %d", &nProps) != 1) {
-+ if ((sscanf((char *) line, "STARTPROPERTIES %d", &nProps) != 1) ||
-+ (nProps <= 0) ||
-+ (nProps > ((INT32_MAX / sizeof(FontPropRec)) - BDF_GENPROPS))) {
- bdfError("bad 'STARTPROPERTIES'\n");
- return (FALSE);
- }
---
-cgit v0.10.2
-
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-05 18:00:34 +0000