summaryrefslogtreecommitdiffstats
path: root/kde/kdegraphics/CVE-2010-2575.patch
blob: 5d4394b2a313b550119d41b55b3b31f6ee8bdd05 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28

--- okular/generators/plucker/unpluck/image.cpp	(revision 1162413)
+++ okular/generators/plucker/unpluck/image.cpp	(working copy)
@@ -289,8 +289,23 @@
             for (j = 0; j < bytes_per_row;) {
                 incount = *palm_ptr++;
                 inval = *palm_ptr++;
-                memset (rowbuf + j, inval, incount);
-                j += incount;
+                if (incount + j <= bytes_per_row  * width)
+                {
+                    memset (rowbuf + j, inval, incount);
+                    j += incount;
+                }
+                else
+                {
+                    free (rowbuf);
+                    free (lastrow);
+                    free (jpeg_row);
+
+                    jpeg_destroy_compress (&cinfo);
+
+                    fclose( outfile );
+
+                    return false;
+                }
             }
         }
         else if ((flags & PALM_IS_COMPRESSED_FLAG)
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-07-22 23:50:55 +0000