authorCarsten Lohrke <carlo@gentoo.org>2004-10-31 17:02:45 +0000
committerCarsten Lohrke <carlo@gentoo.org>2004-10-31 17:02:45 +0000
commit361fe0f985fd65c9a458cb95131cb95b00da9848 (patch)
treeaddb7ec9e5d1885eaac1792b239c857a08b76faa /app-office/koffice/files
parenta little cleanup, and mark 1.5.1 x86 (Manifest recommit) (diff)
integer overflow vulnerability fix, #69624
Diffstat (limited to 'app-office/koffice/files')
-rw-r--r--app-office/koffice/files/digest-koffice-1.3.3-r21
-rw-r--r--app-office/koffice/files/digest-koffice-1.3.4-r11
-rw-r--r--app-office/koffice/files/koffice_1_3_4_xpdf_security_integer_overflow.diff90
3 files changed, 92 insertions, 0 deletions
diff --git a/app-office/koffice/files/digest-koffice-1.3.3-r2 b/app-office/koffice/files/digest-koffice-1.3.3-r2
new file mode 100644
index 000000000000..8c8f121cb5f5
--- /dev/null
+++ b/app-office/koffice/files/digest-koffice-1.3.3-r2
@@ -0,0 +1 @@
+MD5 2c3b745c6218a9dc9b3f60edea2dca2b koffice-1.3.3.tar.bz2 10739168
diff --git a/app-office/koffice/files/digest-koffice-1.3.4-r1 b/app-office/koffice/files/digest-koffice-1.3.4-r1
new file mode 100644
index 000000000000..27aee10e0979
--- /dev/null
+++ b/app-office/koffice/files/digest-koffice-1.3.4-r1
@@ -0,0 +1 @@
+MD5 79896426542b0cf07e2e15f84946905a koffice-1.3.4.tar.bz2 10765924
diff --git a/app-office/koffice/files/koffice_1_3_4_xpdf_security_integer_overflow.diff b/app-office/koffice/files/koffice_1_3_4_xpdf_security_integer_overflow.diff
new file mode 100644
index 000000000000..449806bd4fdb
--- /dev/null
+++ b/app-office/koffice/files/koffice_1_3_4_xpdf_security_integer_overflow.diff
@@ -0,0 +1,90 @@
+Index: Catalog.cc
+===================================================================
+RCS file: /home/kde/koffice/filters/kword/pdf/xpdf/xpdf/Catalog.cc,v
+retrieving revision 1.1.2.1
+retrieving revision 1.1.2.4
+diff -u -p -r1.1.2.1 -r1.1.2.4
+--- filters/kword/pdf/xpdf/xpdf/Catalog.cc 22 Oct 2004 12:13:56 -0000 1.1.2.1
++++ filters/kword/pdf/xpdf/xpdf/Catalog.cc 30 Oct 2004 16:43:47 -0000 1.1.2.4
+@@ -12,6 +12,7 @@
+ #pragma implementation
+ #endif
+
++#include <limits.h>
+ #include <stddef.h>
+ #include "gmem.h"
+ #include "Object.h"
+@@ -63,8 +64,8 @@ Catalog::Catalog(XRef *xrefA) {
+ }
+ pagesSize = numPages0 = obj.getInt();
+ obj.free();
+- if (pagesSize*sizeof(Page *)/sizeof(Page *) != pagesSize ||
+- pagesSize*sizeof(Ref)/sizeof(Ref) != pagesSize) {
++ if ((unsigned) pagesSize >= INT_MAX / sizeof(Page *) ||
++ (unsigned) pagesSize >= INT_MAX / sizeof(Ref)) {
+ error(-1, "Invalid 'pagesSize'");
+ ok = gFalse;
+ return;
+@@ -196,8 +197,8 @@ int Catalog::readPageTree(Dict *pagesDic
+ }
+ if (start >= pagesSize) {
+ pagesSize += 32;
+- if (pagesSize*sizeof(Page *)/sizeof(Page *) != pagesSize ||
+- pagesSize*sizeof(Ref)/sizeof(Ref) != pagesSize) {
++ if ((unsigned) pagesSize >= INT_MAX / sizeof(Page *) ||
++ (unsigned) pagesSize >= INT_MAX / sizeof(Ref)) {
+ error(-1, "Invalid 'pagesSize' parameter.");
+ goto err3;
+ }
+Index: XRef.cc
+===================================================================
+RCS file: /home/kde/koffice/filters/kword/pdf/xpdf/xpdf/XRef.cc,v
+retrieving revision 1.1.2.1
+retrieving revision 1.1.2.4
+diff -u -p -r1.1.2.1 -r1.1.2.4
+--- filters/kword/pdf/xpdf/xpdf/XRef.cc 22 Oct 2004 12:13:56 -0000 1.1.2.1
++++ filters/kword/pdf/xpdf/xpdf/XRef.cc 30 Oct 2004 16:43:47 -0000 1.1.2.4
+@@ -12,6 +12,7 @@
+ #pragma implementation
+ #endif
+
++#include <limits.h>
+ #include <stdlib.h>
+ #include <stddef.h>
+ #include <string.h>
+@@ -76,7 +77,7 @@ XRef::XRef(BaseStream *strA, GString *ow
+
+ // trailer is ok - read the xref table
+ } else {
+- if (size*sizeof(XRefEntry)/sizeof(XRefEntry) != size) {
++ if ((unsigned) size >= INT_MAX / sizeof(XRefEntry)) {
+ error(-1, "Invalid 'size' inside xref table.");
+ ok = gFalse;
+ errCode = errDamaged;
+@@ -273,7 +274,7 @@ GBool XRef::readXRef(Guint *pos) {
+ // table size
+ if (first + n > size) {
+ newSize = size + 256;
+- if (newSize*sizeof(XRefEntry)/sizeof(XRefEntry) != newSize) {
++ if ((unsigned) newSize >= INT_MAX / sizeof(XRefEntry)) {
+ error(-1, "Invalid 'newSize'");
+ goto err2;
+ }
+@@ -420,7 +421,7 @@ GBool XRef::constructXRef() {
+ if (!strncmp(p, "obj", 3)) {
+ if (num >= size) {
+ newSize = (num + 1 + 255) & ~255;
+- if (newSize*sizeof(XRefEntry)/sizeof(XRefEntry) != newSize) {
++ if ((unsigned) newSize >= INT_MAX / sizeof(XRefEntry)) {
+ error(-1, "Invalid 'obj' parameters.");
+ return gFalse;
+ }
+@@ -445,7 +446,7 @@ GBool XRef::constructXRef() {
+ } else if (!strncmp(p, "endstream", 9)) {
+ if (streamEndsLen == streamEndsSize) {
+ streamEndsSize += 64;
+- if (streamEndsSize*sizeof(int)/sizeof(int) != streamEndsSize) {
++ if ((unsigned) streamEndsSize >= INT_MAX / sizeof(int)) {
+ error(-1, "Invalid 'endstream' parameter.");
+ return gFalse;
+ }
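Review bot: The new `(unsigned) x >= INT_MAX / sizeof(T)` guards bound only the multiplication by the element size; the arithmetic that produces the count still runs unchecked before them. In XRef::readXRef the context line `if (first + n > size)` decides whether the guarded resize path is entered at all, so if `first` and `n` are signed values read from the file (their declarations are outside this patch), a negative value or a wrapped sum skips the check and the later entry writes are not bounded by `size`; a pre-check such as `if (first < 0 || n < 0 || first > INT_MAX - n) goto err2;` would close that, assuming err2 is the right cleanup label at that point. The same applies to `newSize = (num + 1 + 255) & ~255;` in constructXRef, where the addition can overflow before the guard sees it. Separately, `pagesSize += 32` and `streamEndsSize += 64` are committed before the check, so the failure paths leave the recorded capacity larger than the allocation. All of these functions start and end outside the quoted hunks.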