rpms / autotrace

Clone
Source Code
GIT

Blame SOURCES/autotrace-0.31.1-CVE-2019-19004.patch

c4 c5 c5-plus c6 c6-plus c7 c7-beta c8 c8-beta c8s c9 c9-beta
  1.   1ec28a2c70f0383b98aed53684e12bc5041eb266
  2.   SOURCES
  3.   autotrace-0.31.1-CVE-2019-19004.patch
Blob History Raw
1ec28a 
diff -urN autotrace-0.31.1.old/input-bmp.c autotrace-0.31.1/input-bmp.c
1ec28a 
--- autotrace-0.31.1.old/input-bmp.c	2021-04-30 15:03:16.264446518 +0530
1ec28a 
+++ autotrace-0.31.1/input-bmp.c	2021-04-30 15:06:14.682051209 +0530
1ec28a 
@@ -220,6 +220,13 @@
1ec28a 
    * word length (32 bits == 4 bytes)
1ec28a 
    */
1ec28a
1ec28a 
+  unsigned long overflowTest = Bitmap_Head.biWidth * Bitmap_Head.biBitCnt;
1ec28a 
+  if (overflowTest / Bitmap_Head.biWidth != Bitmap_Head.biBitCnt) {
1ec28a 
+    LOG("Error reading BMP file header. Width is too large\n");
1ec28a 
+    at_exception_fatal(&exp, "Error reading BMP file header. Width is too large");
1ec28a 
+    goto cleanup;
1ec28a 
+  }
1ec28a 
+
1ec28a 
   rowbytes= ( (Bitmap_Head.biWidth * Bitmap_Head.biBitCnt - 1) / 32) * 4 + 4;
1ec28a
1ec28a 
 #ifdef DEBUG

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation