[SCM] Calligra suite packaging branch, tip, updated. debian/2.4.3-1-21-ga136e20
Raúl Sánchez Siles
kebianizao-guest at alioth.debian.org
Thu Aug 30 17:03:27 UTC 2012
Gitweb-URL: http://git.debian.org/?p=pkg-kde/kde-std/calligra.git;a=commitdiff;h=9226712
The following commit has been merged in the tip branch:
commit 922671281ec7548d0dc51448437aa18b85f10d4c
Author: Pino Toscano <pino at debian.org>
Date: Mon Aug 6 11:24:45 2012 +0200
fix a buffer overflow in the msword import filter (#684004)
backport upstream commit 7d72f7dd8d28d18c59a08a7d43bd4e0654043103
---
debian/changelog | 6 ++++
debian/patches/series | 1 +
...-not-to-write-behind-the-allocated-memory.patch | 31 ++++++++++++++++++++
3 files changed, 38 insertions(+), 0 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index dbd56eb..4487221 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -6,6 +6,12 @@ calligra (1:2.4.3-2) UNRELEASED; urgency=low
* Split the templates from calligra-data to the application's packages.
(Closes: #682763)
+ [ Pino Toscano ]
+ * Backport upstream commit 7d72f7dd8d28d18c59a08a7d43bd4e0654043103 to fix
+ a buffer overflow in the msword import filter; patch
+ upstream_Make-sure-not-to-write-behind-the-allocated-memory.patch.
+ (Closes: #684004)
+
-- Debian Qt/KDE Maintainers <debian-qt-kde at lists.debian.org> Mon, 02 Jul 2012 19:05:06 +0200
calligra (1:2.4.3-1) unstable; urgency=low
diff --git a/debian/patches/series b/debian/patches/series
index 7dc314a..b3003c0 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1 +1,2 @@
do_not_link_blas.diff
+upstream_Make-sure-not-to-write-behind-the-allocated-memory.patch
diff --git a/debian/patches/upstream_Make-sure-not-to-write-behind-the-allocated-memory.patch b/debian/patches/upstream_Make-sure-not-to-write-behind-the-allocated-memory.patch
new file mode 100644
index 0000000..2ece095
--- /dev/null
+++ b/debian/patches/upstream_Make-sure-not-to-write-behind-the-allocated-memory.patch
@@ -0,0 +1,31 @@
+From 7d72f7dd8d28d18c59a08a7d43bd4e0654043103 Mon Sep 17 00:00:00 2001
+From: Thorsten Zachmann <t.zachmann at zagge.de>
+Date: Sat, 4 Aug 2012 06:42:14 +0200
+Subject: [PATCH] Make sure not to write behind the allocated memory
+
+Validate the input data to not write behind the allocated memory. This fixes a
+buffer overflow found by Charlie Miller.
+(cherry picked from commit 8652ab672eaaa145dfb3782f5011de58aa4cc046)
+---
+ filters/words/msword-odf/wv2/src/styles.cpp | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/filters/words/msword-odf/wv2/src/styles.cpp b/filters/words/msword-odf/wv2/src/styles.cpp
+index c3132f0..0d691f5 100644
+--- a/filters/words/msword-odf/wv2/src/styles.cpp
++++ b/filters/words/msword-odf/wv2/src/styles.cpp
+@@ -248,6 +248,11 @@ throw(InvalidFormatException)
+ #ifdef WV2_DEBUG_STYLESHEET
+ wvlog << "cbUPX: " << cbUPX << endl;
+ #endif
++ // do not overflow the allocated buffer grupx
++ if (offset + cbUPX > grupxLen) {
++ wvlog << "====> Error: grupx would overflow!" << endl;
++ return false;
++ }
+ for ( U16 j = 0; j < cbUPX; ++j ) {
+ grupx[ offset + j ] = stream->readU8(); // read the whole UPX
+ #ifdef WV2_DEBUG_STYLESHEET
+--
+1.7.10.4
+
--
Calligra suite packaging
More information about the pkg-kde-commits
mailing list