pool/webkit2gtk3
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8b8e552c97
webkit2gtk3/webkit2gtk3-boo1101999-off-by-one.patch
Bjørn Lie 8b8e552c97 Accepting request 624324 from home:mgorse:branches:GNOME:Factory 
- Add webkit2gtk3-boo1101999-off-by-one.patch: fix off-by-one in
  xdg_mime_get_simple_globs (boo#1101999 CVE-2018-12911).

OBS-URL: https://build.opensuse.org/request/show/624324
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/webkit2gtk3?expand=0&rev=167
2018-07-20 18:13:48 +00:00

47 lines
1.5 KiB
Diff
Raw Blame History

Index: Source/ThirdParty/xdgmime/src/xdgmimecache.c
===================================================================
--- Source/ThirdParty/xdgmime/src/xdgmimecache.c (revision 233403)
+++ Source/ThirdParty/xdgmime/src/xdgmimecache.c (revision 233404)
@@ -1047,6 +1047,9 @@
xdg_uint32_t child_offset;
int i;
+ assert (*n >= 0);
+ assert (depth >= 0);
+
if (*n >= n_globs)
return FALSE;
@@ -1055,7 +1058,7 @@
xdg_uint32_t mime_offset = GET_UINT32 (cache->buffer, offset + 4);
if (strcasecmp (cache->buffer + mime_offset, mime) == 0) {
- globs[*n] = malloc (depth * sizeof (char));
+ globs[*n] = malloc ((depth + 1) * sizeof (char));
for (i = 0; i < depth; i++)
globs[*n][depth - i - 1] = prefix[i];
globs[*n][depth] = '\0';
Index: Source/ThirdParty/xdgmime/src/xdgmimeglob.c
===================================================================
--- Source/ThirdParty/xdgmime/src/xdgmimeglob.c (revision 233403)
+++ Source/ThirdParty/xdgmime/src/xdgmimeglob.c (revision 233404)
@@ -484,6 +484,9 @@
xdg_unichar_t *prefix,
int depth)
{
+ assert (*n >= 0);
+ assert (depth >= 0);
+
if (*n >= n_globs)
return FALSE;
@@ -495,7 +498,7 @@
{
int i;
- globs[*n] = malloc (depth * sizeof (char));
+ globs[*n] = malloc ((depth + 1) * sizeof (char));
for (i = 0; i < depth; i++)
globs[*n][depth - i - 1] = prefix[i];
globs[*n][depth] = '\0';
Reference in New Issue View Git Blame Copy Permalink