File netpbm-CVE-2017-2587.patch of Package netpbm.32454
Index: netpbm-10.66.3/converter/other/svgtopam.c
===================================================================
--- netpbm-10.66.3.orig/converter/other/svgtopam.c 2017-06-12 10:22:24.288911304 +0200
+++ netpbm-10.66.3/converter/other/svgtopam.c 2017-06-12 10:22:14.080725423 +0200
@@ -679,12 +679,31 @@ stringToUint(const char * const string
else {
char * tailptr;
+ /* We can't use 'strtoull'. Contrary to expectations, though as
+ designed, it returns junk if there is a minus sign.
+ */
+
+ long longValue;
+
+ longValue = strtol(string, &tailptr, 10);
+
+
*uintP = strtoul(string, &tailptr, 10);
if (*tailptr != '\0')
pm_asprintf(errorP, "Non-numeric crap in string: '%s'", tailptr);
- else
- *errorP = NULL;
+ else {
+ if (longValue < 0)
+ pm_asprintf(errorP, "Number is negative");
+ else {
+ if ((unsigned int)longValue != longValue)
+ pm_asprintf(errorP, "Number is too large for computation");
+ else {
+ *uintP = (unsigned int)longValue;
+ *errorP = NULL;
+ }
+ }
+ }
}
}
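Review bot: The strtol result is never checked for ERANGE, so on a platform where long is 32 bits an input larger than LONG_MAX saturates to 2147483647 with errno set, passes both the `longValue < 0` and `(unsigned int)longValue != longValue` checks, and is silently accepted as the wrong value. Set `errno = 0;` before the call and widen the second test to `if (errno == ERANGE || (unsigned int)longValue != longValue)` so saturation is reported as "too large" (this needs `<errno.h>`, which the hunk does not show). The context line `*uintP = strtoul(string, &tailptr, 10);` is now redundant and still writes an unvalidated value into `*uintP` on the error paths; dropping it and taking `tailptr` from the strtol call leaves `*uintP` written only on success. The enclosing stringToUint function begins before the hunk.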