Blame SOURCES/CVE-2019-16167_memory-corruption-due-to-an-integer-overflow.patch

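--- a/sa_common.c
+++ b/sa_common.c
@@ -1249,6 +1249,11 @@
 	/* Remap [unsigned] long fields */
 	d = gtypes_nr[0] - ftypes_nr[0];
 	if (d) {
+    
+    if (ftypes_nr[0] * ULL_ALIGNMENT_WIDTH < ftypes_nr[0])
+			/* Overflow */
+			return;
+
 		memmove(((char *) ps) + gtypes_nr[0] * ULL_ALIGNMENT_WIDTH,
 			((char *) ps) + ftypes_nr[0] * ULL_ALIGNMENT_WIDTH,
 			st_size - ftypes_nr[0] * ULL_ALIGNMENT_WIDTH);
@@ -1260,7 +1265,13 @@
 	/* Remap [unsigned] int fields */
 	d = gtypes_nr[1] - ftypes_nr[1];
 	if (d) {
-		memmove(((char *) ps) + gtypes_nr[0] * ULL_ALIGNMENT_WIDTH
+		
+    if (gtypes_nr[0] * ULL_ALIGNMENT_WIDTH +
+		  ftypes_nr[1] * UL_ALIGNMENT_WIDTH < ftypes_nr[1])
+        /* Overflow */
+			  return;
+
+    memmove(((char *) ps) + gtypes_nr[0] * ULL_ALIGNMENT_WIDTH
 				      + gtypes_nr[1] * UL_ALIGNMENT_WIDTH,
 			((char *) ps) + gtypes_nr[0] * ULL_ALIGNMENT_WIDTH
 				      + ftypes_nr[1] * UL_ALIGNMENT_WIDTH,
@@ -1275,6 +1286,13 @@
 	/* Remap possible fields (like strings of chars) following int fields */
 	d = gtypes_nr[2] - ftypes_nr[2];
 	if (d) {
+		
+    if (gtypes_nr[0] * ULL_ALIGNMENT_WIDTH +
+		  gtypes_nr[1] * UL_ALIGNMENT_WIDTH +
+		  ftypes_nr[2] * U_ALIGNMENT_WIDTH < ftypes_nr[2])	
+        /* Overflow */
+			  return;
+
 		memmove(((char *) ps) + gtypes_nr[0] * ULL_ALIGNMENT_WIDTH
 				      + gtypes_nr[1] * UL_ALIGNMENT_WIDTH
 				      + gtypes_nr[2] * U_ALIGNMENT_WIDTH,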
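Review bot: The three added guards of the form `x * WIDTH < x` (and the summed variants in the int and trailing-field hunks) neither reliably detect wraparound nor bound the offsets against the buffer being moved. Assuming the counts are unsigned 32-bit and the width is 8 (both are declared outside the hunks), a constructed value such as `0x30000000 * 8` wraps to `0x80000000`, which is still larger than the operand, so the first check passes. A product that does not wrap but exceeds `st_size` still makes the length `st_size - ftypes_nr[0] * ULL_ALIGNMENT_WIDTH` in the first memmove underflow. A division-based bound covers both cases, e.g. `if (ftypes_nr[0] > st_size / ULL_ALIGNMENT_WIDTH) return;`, with the `gtypes_nr[]` destination offsets checked the same way against the real size of `ps`. The bare `return;` also gives the caller no sign that remapping was skipped; the function's signature is outside the hunks, so whether an error code can be returned needs confirming.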