author: Martin Wilke <miwi@FreeBSD.org> 2007-07-31 11:41:30 +0000
committer: Martin Wilke <miwi@FreeBSD.org> 2007-07-31 11:41:30 +0000
commit: 0472339a46f6e5788d65401954f75a446ec8543b (patch)
tree: c755b4c69b7de06382cdd9211d70b4b8ada0d5fe /graphics/xpdf/files
parent: 8d605e2e9f7cc632c976c1cf59d76cac8581caaa (diff)
1 files changed, 33 insertions, 0 deletions
diff --git a/graphics/xpdf/files/patch-CVE-2007-3387 b/graphics/xpdf/files/patch-CVE-2007-3387
new file mode 100644
index 000000000000..692d243ab949
--- /dev/null
+++ b/graphics/xpdf/files/patch-CVE-2007-3387
@@ -0,0 +1,33 @@
+*** xpdf/Stream.cc	Tue Feb 27 14:05:52 2007
+--- xpdf/Stream.cc	Thu Jul 26 14:44:43 2007
+***************
+*** 410,424 ****
+    ok = gFalse;
+  
+    nVals = width * nComps;
+-   if (width <= 0 || nComps <= 0 || nBits <= 0 ||
+-       nComps >= INT_MAX / nBits ||
+-       width >= INT_MAX / nComps / nBits ||
+-       nVals * nBits + 7 < 0) {
+-     return;
+-   }
+    pixBytes = (nComps * nBits + 7) >> 3;
+    rowBytes = ((nVals * nBits + 7) >> 3) + pixBytes;
+!   if (rowBytes <= 0) {
+      return;
+    }
+    predLine = (Guchar *)gmalloc(rowBytes);
+--- 410,422 ----
+    ok = gFalse;
+  
+    nVals = width * nComps;
+    pixBytes = (nComps * nBits + 7) >> 3;
+    rowBytes = ((nVals * nBits + 7) >> 3) + pixBytes;
+!   if (width <= 0 || nComps <= 0 || nBits <= 0 ||
+!       nComps > gfxColorMaxComps ||
+!       nBits > 16 ||
+!       width >= INT_MAX / nComps ||      // check for overflow in nVals 
+!       nVals >= (INT_MAX - 7) / nBits) { // check for overflow in rowBytes
+      return;
+    }
+    predLine = (Guchar *)gmalloc(rowBytes);
author	Martin Wilke <miwi@FreeBSD.org>	2007-07-31 11:41:30 +0000
committer	Martin Wilke <miwi@FreeBSD.org>	2007-07-31 11:41:30 +0000
commit	0472339a46f6e5788d65401954f75a446ec8543b (patch)
tree	c755b4c69b7de06382cdd9211d70b4b8ada0d5fe /graphics/xpdf/files
parent	8d605e2e9f7cc632c976c1cf59d76cac8581caaa (diff)