Overview

File bnc512559-2009-0945.diff of Package kdegraphics3

--- ksvg/impl/SVGList.h.CVE-2009-0945	2005-10-10 16:56:52.000000000 +0200
+++ ksvg/impl/SVGList.h	2009-06-18 17:14:01.000000000 +0200
@@ -139,13 +139,23 @@
 		switch(id)
 		{
 			case SVGListDefs::GetItem:
+				if (static_cast<unsigned int>(args[0].toNumber(exec)) >= m_impl.count())
+					return KJS::Undefined();
 				return obj->getItem(static_cast<unsigned int>(args[0].toNumber(exec)))->cache(exec);
 			case SVGListDefs::RemoveItem:
+				if (static_cast<unsigned int>(args[0].toNumber(exec)) >= m_impl.count())
+					return KJS::Undefined();
 				return obj->removeItem(static_cast<unsigned int>(args[0].toNumber(exec)))->cache(exec);
 			case SVGListDefs::AppendItem:
 				return obj->appendItem(static_cast<KSVGBridge<T> *>(args[0].imp())->impl())->cache(exec);
 			case SVGListDefs::InsertItemBefore:
+				if (static_cast<unsigned int>(args[1].toNumber(exec)) >= m_impl.count())
+					return KJS::Undefined();
 				return obj->insertItemBefore(static_cast<KSVGBridge<T> *>(args[0].imp())->impl(), static_cast<unsigned int>(args[1].toNumber(exec)))->cache(exec);
+			case SVGListDefs::ReplaceItem:
+				if (static_cast<unsigned int>(args[1].toNumber(exec)) >= m_impl.count())
+					return KJS::Undefined();
+				return obj->replaceItem(static_cast<KSVGBridge<T> *>(args[0].imp())->impl(), static_cast<unsigned int>(args[1].toNumber(exec)))->cache(exec);
 			case SVGListDefs::Initialize:
 				return obj->initialize(static_cast<KSVGBridge<T> *>(args[0].imp())->impl())->cache(exec);
 			case SVGListDefs::Clear:
openSUSE Build Service is sponsored by
Places