aboutsummaryrefslogtreecommitdiff
path: root/openssl/crypto/ec/eck_prn.c
diff options
context:
space:
mode:
authorAlan Coopersmith <alan.coopersmith@oracle.com>2015-03-06 22:54:58 -0800
committerMike DePaulo <mikedep333@gmail.com>2015-03-28 09:15:33 -0400
commita54b6ab76fd473a0ea79ffdbf08c22c368bb133c (patch)
tree983f4b4ab93b43bcafe6ae2e8171802611eab0df /openssl/crypto/ec/eck_prn.c
parentc833cc9b47becd22b5f6de91d69a467adc57c87d (diff)
downloadvcxsrv-a54b6ab76fd473a0ea79ffdbf08c22c368bb133c.tar.gz
vcxsrv-a54b6ab76fd473a0ea79ffdbf08c22c368bb133c.tar.bz2
vcxsrv-a54b6ab76fd473a0ea79ffdbf08c22c368bb133c.zip
bdfReadCharacters: ensure metrics fit into xCharInfo struct [CVE-2015-1804]
We use 32-bit ints to read from the bdf file, but then try to stick into a 16-bit int in the xCharInfo struct, so make sure they won't overflow that range. Found by afl-1.24b. v2: Verify that additions won't overflow 32-bit int range either. v3: As Julien correctly observes, the previous check for bh & bw not being < 0 reduces the number of cases we need to check for overflow. Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Julien Cristau <jcristau@debian.org> (cherry picked from commit 2351c83a77a478b49cba6beb2ad386835e264744)
Diffstat (limited to 'openssl/crypto/ec/eck_prn.c')
0 files changed, 0 insertions, 0 deletions
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-16 22:22:59 +0000