~smartboyhw/ubuntu/raring/calligra/2.6.0-0ubuntu1

Viewing changes to filters/words/msword-odf/wv2/src/styles.cpp

Committer: Package Import Robot
Author(s): Scott Kitterman
Date: 2012-08-04 06:03:11 UTC
Revision ID: package-import@ubuntu.com-20120804060311-hrum2v2v4rvt9cwz

Tags: 1:2.4.92-0ubuntu2

* SECURITY UPDATE:
* References See patch header
* Add debian/patches/wv2_buffer_overflow_fix.diff to fix buffer overflow in
embedded copy of wv2 MS Word filter (LP: #1032934)

files added:
.pc/wv2_buffer_overflow_fix.diff

.pc/wv2_buffer_overflow_fix.diff/filters

.pc/wv2_buffer_overflow_fix.diff/filters/words

.pc/wv2_buffer_overflow_fix.diff/filters/words/msword-odf

.pc/wv2_buffer_overflow_fix.diff/filters/words/msword-odf/wv2

.pc/wv2_buffer_overflow_fix.diff/filters/words/msword-odf/wv2/src

.pc/wv2_buffer_overflow_fix.diff/filters/words/msword-odf/wv2/src/styles.cpp

debian/patches/wv2_buffer_overflow_fix.diff

files modified:
.pc/applied-patches

debian/changelog

debian/patches/series

filters/words/msword-odf/wv2/src/styles.cpp

Show diffs side-by-side

added added

removed removed

filters/words/msword-odf/wv2/src/styles.cpp

248

#ifdef WV2_DEBUG_STYLESHEET

249

wvlog << "cbUPX: " << cbUPX << endl;

250

#endif

251

// do not overflow the allocated buffer grupx

252

if (offset + cbUPX > grupxLen) {

253

wvlog << "====> Error: grupx would overflow!" << endl;

254

return false;

255

}

251

256

for ( U16 j = 0; j < cbUPX; ++j ) {

252

257

grupx[ offset + j ] = stream->readU8(); // read the whole UPX

253

258

#ifdef WV2_DEBUG_STYLESHEET

Older »