Darcsweb-Url: http://darcs.frugalware.org/darcsweb/darcsweb.cgi?r=frugalware-0.6;a=darcs_commitdiff;h=20070809092230-e2957-a68d29fd33da2a1e1803c67991fcbd0d4ce12c1e.gz;
[kdegraphics-3.5.6-2terminus1-i686 VMiklos <[EMAIL PROTECTED]>**20070809092230 added post-3.5.6-kdegraphics-CVE-2007-3387.diff secfix closes #2302 ] { hunk ./source/kde/kdegraphics/FrugalBuild 6 -pkgrel=1 +pkgrel=2terminus1 hunk ./source/kde/kdegraphics/FrugalBuild 16 +source=($source post-3.5.6-kdegraphics-CVE-2007-3387.diff) hunk ./source/kde/kdegraphics/FrugalBuild 27 -sha1sums=('481d3f3733c042f7dfe7d9fc6620d17f8b945957') +sha1sums=('481d3f3733c042f7dfe7d9fc6620d17f8b945957' \ + 'cd403dcea659e9b4c700835c3a39ad3048f48533') addfile ./source/kde/kdegraphics/post-3.5.6-kdegraphics-CVE-2007-3387.diff hunk ./source/kde/kdegraphics/post-3.5.6-kdegraphics-CVE-2007-3387.diff 1 +diff -Naur kdegraphics-3.5.6.orig/kpdf/xpdf/xpdf/Stream.cc kdegraphics-3.5.6/kpdf/xpdf/xpdf/Stream.cc +--- kdegraphics-3.5.6.orig/kpdf/xpdf/xpdf/Stream.cc 2007-01-15 12:21:56.000000000 +0100 ++++ kdegraphics-3.5.6/kpdf/xpdf/xpdf/Stream.cc 2007-08-09 09:45:03.000000000 +0200 +@@ -411,14 +411,11 @@ + nBits = nBitsA; + predLine = NULL; + ok = gFalse; +- +- if (width <= 0 || nComps <= 0 || nBits <= 0 || +- nComps >= INT_MAX / nBits || +- width >= INT_MAX / nComps / nBits) +- return; +- + nVals = width * nComps; +- if (nVals * nBits + 7 < 0) ++ if (width <= 0 || nComps <= 0 || nBits <= 0 || ++ nComps > gfxColorMaxComps || nBits > 16 || ++ width >= INT_MAX / nComps || ++ nVals >= (INT_MAX - 7) / nBits) + return; + pixBytes = (nComps * nBits + 7) >> 3; + rowBytes = ((nVals * nBits + 7) >> 3) + pixBytes; } _______________________________________________ Frugalware-darcs mailing list Frugalware-darcs@frugalware.org http://frugalware.org/mailman/listinfo/frugalware-darcs