0063cae2f0
mpfr_strtofr (CVE-2014-9474). [bnc#911812] OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/mpfr?expand=0&rev=26
18 lines
848 B
Diff
18 lines
848 B
Diff
diff -Naurd mpfr-3.1.2-a/src/strtofr.c mpfr-3.1.2-b/src/strtofr.c
|
|
--- mpfr-3.1.2-a/src/strtofr.c 2013-03-13 15:37:32.000000000 +0000
|
|
+++ mpfr-3.1.2-b/src/strtofr.c 2014-12-04 01:41:57.287791246 +0000
|
|
@@ -473,8 +473,10 @@
|
|
/* prec bits corresponds to ysize limbs */
|
|
ysize_bits = ysize * GMP_NUMB_BITS;
|
|
/* and to ysize_bits >= prec > MPFR_PREC (x) bits */
|
|
- y = MPFR_TMP_LIMBS_ALLOC (2 * ysize + 1);
|
|
- y += ysize; /* y has (ysize+1) allocated limbs */
|
|
+ /* we need to allocate one more limb to work around bug
|
|
+ https://gmplib.org/list-archives/gmp-bugs/2013-December/003267.html */
|
|
+ y = MPFR_TMP_LIMBS_ALLOC (2 * ysize + 2);
|
|
+ y += ysize; /* y has (ysize+2) allocated limbs */
|
|
|
|
/* pstr_size is the number of characters we read in pstr->mant
|
|
to have at least ysize full limbs.
|
|
|