aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/patches/libwmf-CVE-2006-3376.patch
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches/libwmf-CVE-2006-3376.patch')
-rw-r--r--gnu/packages/patches/libwmf-CVE-2006-3376.patch30
1 files changed, 0 insertions, 30 deletions
diff --git a/gnu/packages/patches/libwmf-CVE-2006-3376.patch b/gnu/packages/patches/libwmf-CVE-2006-3376.patch
deleted file mode 100644
index 1e0e1ecfa8..0000000000
--- a/gnu/packages/patches/libwmf-CVE-2006-3376.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-Copied from Debian.
-
---- libwmf-0.2.8.4.orig/src/player.c
-+++ libwmf-0.2.8.4/src/player.c
-@@ -23,6 +23,7 @@
-
- #include <stdio.h>
- #include <stdlib.h>
-+#include <stdint.h>
- #include <string.h>
- #include <math.h>
-
-@@ -132,8 +133,14 @@
- }
- }
-
--/* P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API)-3) * 2 * sizeof (unsigned char));
-- */ P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API) ) * 2 * sizeof (unsigned char));
-+ if (MAX_REC_SIZE(API) > UINT32_MAX / 2)
-+ {
-+ API->err = wmf_E_InsMem;
-+ WMF_DEBUG (API,"bailing...");
-+ return (API->err);
-+ }
-+
-+ P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API) ) * 2 * sizeof (unsigned char));
-
- if (ERR (API))
- { WMF_DEBUG (API,"bailing...");
-