Overview

File libwmf-0.2.8.4-overflow-CVE-2006-3376.patch of Package libwmf

--- src/player.c
+++ src/player.c
@@ -132,6 +132,13 @@
 		}
 	}
 
+	if (MAX_REC_SIZE(API) * 2 / 2 != MAX_REC_SIZE(API))
+	{
+		WMF_ERROR (API,"wmf_scan: max_rec_size too big!");
+                API->err = wmf_E_BadFormat;
+                return (API->err);
+	}
+
 /*	P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API)-3) * 2 * sizeof (unsigned char));
  */	P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API)  ) * 2 * sizeof (unsigned char));
openSUSE Build Service is sponsored by
Places