Taken from http://bugs.python.org/issue1179
--- Python-2.5.2-orig+CVE-2007-4965/Modules/imageop.c 2008-04-07 16:13:42.000000000 -0700
+++ Python-2.5.2/Modules/imageop.c 2008-04-07 16:10:21.000000000 -0700
@@ -640,6 +640,11 @@
PyErr_SetString(ImageopError, "String has incorrect length");
return 0;
}
+
+ if ( nlen / x != y || nlen > INT_MAX / 4) {
+ PyErr_SetString(ImageopError, "Image is too large");
+ return 0;
+ }
rv = PyString_FromStringAndSize(NULL, nlen*4);
if ( rv == 0 )
@@ -743,6 +748,11 @@
PyErr_SetString(ImageopError, "String has incorrect length");
return 0;
}
+
+ if ( nlen / x != y || nlen > INT_MAX / 4) {
+ PyErr_SetString(ImageopError, "Image is too large");
+ return 0;
+ }
rv = PyString_FromStringAndSize(NULL, nlen*4);
if ( rv == 0 )
distrib
>
Mandriva
>
2009.0
>
x86_64
>
media
>
main-testing-src
>
by-pkgid
>
b08369efffd3ee635c560610ccff6886
>
files
>
13
