← Back to branch summary

~ubuntu-branches/debian/squeeze/links2/squeeze

« back to all changes in this revision

Viewing changes to html_tbl.c

  • Committer: Package Import Robot
  • Author(s): Axel Beckert
  • Date: 2013-11-28 16:42:44 UTC
  • Revision ID: package-import@ubuntu.com-20131128164244-0ax8l7jnpraecyxu
Tags: 2.3~pre1-1+squeeze2
Add patch against integer overflow in graphics mode (CVE-2013-6050)

Show diffs side-by-side

added added

removed removed

Lines of Context:
html_tbl.c
1561
1561
void add_to_rect_sets(struct rect_set ***s, int *n, struct rect *r)
1562
1562
{
1563
1563
        int i, j;
 
1564
        if (r->y1 < 0 || r->y2 < 0) {
 
1565
                error((unsigned char *)"add_to_cell_sets: integer overflow: %d, %d", r->y1, r->y2);
 
1566
                fatal_tty_exit();
 
1567
        }
1564
1568
        for (i = r->y1 >> RECT_BOUND_BITS; i <= (r->y2 - 1) >> RECT_BOUND_BITS; i++) {
1565
1569
                if (i >= *n) {
1566
1570
                        struct rect_set **ns;