[Bug 509531] CVE-2009-2295 ocaml-camlimages: PNG reader multiple integer overflows (oCERT-2009-009)

bugzilla at redhat.com bugzilla at redhat.com
Fri Jul 3 13:31:01 UTC 2009




https://bugzilla.redhat.com/show_bug.cgi?id=509531

--- Comment #4 from Richard W.M. Jones <rjones at redhat.com>  2009-07-03 09:31:00 EDT ---
Created an attachment (id=350433)
 --> (https://bugzilla.redhat.com/attachment.cgi?id=350433)
camlimages-oversized-png-check.patch

This is a potential fix which checks whether the
numbers we are about to multiply together could
provoke an arithmetic overflow (or are negative,
which would be equally bogus).

It solves the test case that I was given privately.

Note that in any case the bug only manifests on 32-bit
architectures.  On 64-bit, the multiply does not
overflow, but unless you have loads of free memory
you will shortly afterwards get a (safe) Out_of_memory
exception.

-- 
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
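
The kind of pre-multiplication check described in the comment above, as an added example in C. It is not the attached patch and not camlimages code; the function names are hypothetical, the dimensions are constructed, and the size limit is passed as a parameter so the 32-bit case can be exercised on a 64-bit host.

```c
#include <stdint.h>
#include <stdio.h>

/* "Before": an unchecked 32-bit multiply. Unsigned arithmetic wraps modulo
 * 2^32, so oversized dimensions yield a small (here zero) buffer size. */
uint32_t wrapped_size_32(uint32_t rowbytes, uint32_t height)
{
    return rowbytes * height;
}

/* Hypothetical helper: returns 1 and stores a * b in *out when both operands
 * are non-negative and the product does not exceed limit; returns 0 otherwise.
 * It compares against limit / a instead of multiplying first, so the check
 * itself cannot overflow. */
static int checked_mul(int64_t a, int64_t b, int64_t limit, int64_t *out)
{
    if (a < 0 || b < 0 || limit < 0)
        return 0;                 /* negative sizes are bogus */
    if (a != 0 && b > limit / a)
        return 0;                 /* a * b would exceed limit */
    *out = a * b;
    return 1;
}

/* "After": size in bytes of the decoded image buffer, or -1 if the
 * dimensions must be rejected. limit models the largest representable size:
 * INT32_MAX for a 32-bit signed size, INT64_MAX for a 64-bit one. */
int64_t image_buffer_size(int64_t rowbytes, int64_t height, int64_t limit)
{
    int64_t size;
    if (!checked_mul(rowbytes, height, limit, &size))
        return -1;
    return size;
}

int main(void)
{
    /* Constructed header values: 65536 bytes per row, 65536 rows (2^32 bytes). */
    int64_t rowbytes = 65536, height = 65536;

    printf("unchecked, 32-bit: %u\n", (unsigned)wrapped_size_32(65536u, 65536u));
    printf("checked, 32-bit limit: %lld\n",
           (long long)image_buffer_size(rowbytes, height, INT32_MAX));
    printf("checked, 64-bit limit: %lld\n",
           (long long)image_buffer_size(rowbytes, height, INT64_MAX));
    return 0;
}
```

With the 64-bit limit the same dimensions pass the check, and the caller still has to handle the allocation failing.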



