← Back to branch summary

~ubuntu-branches/ubuntu/dapper/clamav/dapper-updates

« back to all changes in this revision

Viewing changes to libclamav/pdf.c

  • Committer: Bazaar Package Importer
  • Author(s): Jamie Strandboge
  • Date: 2010-05-21 08:35:34 UTC
  • mfrom: (12.1.11 dapper-security)
  • Revision ID: james.westby@ubuntu.com-20100521083534-xjbfxmr034zzkagg
Tags: 0.95.3+dfsg-1ubuntu0.09.04~dapper4
* SECURITY UPDATE: fix crash via heap overflow when processing malformed
  PDF file
  - libclamav/pdf.c: make sure enough space is allocated for tmpbuf in
    cli_pdf()
  - https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2016
  - clamav git f0eb394501ec21b9fe67f36cbf5db788711d4236

Show diffs side-by-side

added added

removed removed

Lines of Context:
libclamav/pdf.c
482
482
                        }
483
483
                        if(ret) {
484
484
                                unsigned char *t;
 
485
                                unsigned size;
485
486
 
486
487
                                real_streamlen = ret;
487
488
                                /* free unused trailing bytes */
488
 
                                t = (unsigned char *)cli_realloc(tmpbuf,calculated_streamlen);
 
489
                                size = real_streamlen > calculated_streamlen ? real_streamlen : calculated_streamlen;
 
490
                                t = (unsigned char *)cli_realloc(tmpbuf,size);
489
491
                                if(t == NULL) {
490
492
                                        free(tmpbuf);
491
493
                                        close(fout);