From 1ba82444d8e727170ca3a504c59ae20c5060f6dc Mon Sep 17 00:00:00 2001
From: Anssi Hannula <anssi.hannula@iki.fi>
Date: Sat, 13 Nov 2010 07:49:53 +0200
Subject: [PATCH 03/15] fixed: CVE-2008-1679 in internal python (upstream)
---
xbmc/lib/libPython/Python/Modules/imageop.c | 10 ++++++++++
1 files changed, 10 insertions(+), 0 deletions(-)
diff --git a/xbmc/lib/libPython/Python/Modules/imageop.c b/xbmc/lib/libPython/Python/Modules/imageop.c
index 1dba8ac..5cb992c 100644
--- a/xbmc/lib/libPython/Python/Modules/imageop.c
+++ b/xbmc/lib/libPython/Python/Modules/imageop.c
@@ -640,6 +640,11 @@ imageop_rgb82rgb(PyObject *self, PyObject *args)
PyErr_SetString(ImageopError, "String has incorrect length");
return 0;
}
+
+ if ( nlen / x != y || nlen > INT_MAX / 4) {
+ PyErr_SetString(ImageopError, "Image is too large");
+ return 0;
+ }
rv = PyString_FromStringAndSize(NULL, nlen*4);
if ( rv == 0 )
@@ -743,6 +748,11 @@ imageop_grey2rgb(PyObject *self, PyObject *args)
PyErr_SetString(ImageopError, "String has incorrect length");
return 0;
}
+
+ if ( nlen / x != y || nlen > INT_MAX / 4) {
+ PyErr_SetString(ImageopError, "Image is too large");
+ return 0;
+ }
rv = PyString_FromStringAndSize(NULL, nlen*4);
if ( rv == 0 )
--
1.7.3
distrib
>
Mandriva
>
2010.1
>
i586
>
media
>
contrib-updates-src
>
by-pkgid
>
f722e3fddb6bcd9335a8848a4b05a73c
>
files
>
11
