From 2f006c06df31b5992574471d20d21ca61b48d4cadcad0702d43c606fed53f217 Mon Sep 17 00:00:00 2001
From: Michal Vyskocil <michal.vyskocil@gmail.com>
Date: Wed, 9 Oct 2013 06:18:03 +0000
Subject: [PATCH] removed overflow patch

OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/wv?expand=0&rev=19
---
 wv-1.2.2-overflow.patch | 70 -----------------------------------------
 1 file changed, 70 deletions(-)
 delete mode 100644 wv-1.2.2-overflow.patch

diff --git a/wv-1.2.2-overflow.patch b/wv-1.2.2-overflow.patch
deleted file mode 100644
index 7f53aa0..0000000
--- a/wv-1.2.2-overflow.patch
+++ /dev/null
@@ -1,70 +0,0 @@
-Index: lfo.c
-===================================================================
---- lfo.c.orig
-+++ lfo.c
-@@ -23,6 +23,7 @@
- 
- #include <stdlib.h>
- #include <stdio.h>
-+#include <limits.h>
- #include "wv.h"
- 
- /*
-@@ -32,6 +33,16 @@ one has (LFO.clfolvl), and writes out, i
- followed by its corresponding LVL structure (if LFOLVL.fFormatting is set).
- */
- 
-+static int
-+multiplication_will_overflow(U32 a, U32 b)
-+{
-+  if((a > 0) && (b > 0) && (UINT_MAX / a) >= b) {
-+    return 0;
-+  }
-+
-+  return 1;
-+}
-+
- int
- wvGetLFO_records (LFO ** lfo, LFOLVL ** lfolvl, LVL ** lvl, U32 * nolfo,
- 		  U32 * nooflvl, U32 offset, U32 len, wvStream * fd)
-@@ -49,7 +60,9 @@ wvGetLFO_records (LFO ** lfo, LFOLVL ** 
-     wvTrace (("pos %x %d\n", wvStream_tell (fd), *nooflvl));
-     wvTrace (("nolfo is %d nooflvl is %d\n", *nolfo, *nooflvl));
- 
--    if (*nooflvl == 0)
-+    if ((*nooflvl == 0) ||
-+	multiplication_will_overflow(sizeof (LFOLVL), *nooflvl) ||
-+	multiplication_will_overflow(sizeof (LVL), *nooflvl))
-       {
- 	  *lfolvl = NULL;
- 	  *lvl = NULL;
-@@ -101,16 +114,22 @@ wvGetLFO_PLF (LFO ** lfo, U32 * nolfo, U
- 	  *nolfo = read_32ubit (fd);
- 	  wvTrace (("%d\n", *nolfo));
- 
--	  *lfo = (LFO *) wvMalloc (*nolfo * sizeof (LFO));
--	  if (*lfo == NULL)
--	    {
--		wvError (
--			 ("NO MEM 1, failed to alloc %d bytes\n",
-+	  /* check for integer overflow */
-+	  if (multiplication_will_overflow(*nolfo, sizeof(LFO))) {
-+	    wvError (("Malicious document!\n"));			
-+	    *nolfo = 0;
-+	    return (1);
-+	  } else {
-+	    *lfo = (LFO *) wvMalloc (*nolfo * sizeof(LFO));
-+	    if (*lfo == NULL)
-+	      {
-+		wvError (("NO MEM 1, failed to alloc %d bytes\n",
- 			  *nolfo * sizeof (LFO)));
- 		return (1);
--	    }
--	  for (i = 0; i < *nolfo; i++)
-+	      }
-+	    for (i = 0; i < *nolfo; i++)
- 	      wvGetLFO (&((*lfo)[i]), fd);
-+	  }
-       }
-     return (0);
- }