summary refs log tree commit diff
path: root/gnu/packages/patches/file-CVE-2014-3587.patch
blob: cf88bf5f3ecbd43bb6c77dae330927e698ea3efc (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
Fixes CVE-2014-3587.  Copied from upstream commit
0641e56be1af003aa02c7c6b0184466540637233.

--- file-5.19/src/cdf.c.orig	2014-06-09 09:04:37.000000000 -0400
+++ file-5.19/src/cdf.c	2014-08-26 11:55:23.887118898 -0400
@@ -824,6 +824,10 @@
 		q = (const uint8_t *)(const void *)
 		    ((const char *)(const void *)p + ofs
 		    - 2 * sizeof(uint32_t));
+		if (q < p) {
+			DPRINTF(("Wrapped around %p < %p\n", q, p));
+			goto out;
+		}
 		if (q > e) {
 			DPRINTF(("Ran of the end %p > %p\n", q, e));
 			goto out;