Hello community, here is the log from the commit of package wv2 checked in at Wed Jun 28 19:02:45 CEST 2006. -------- --- wv2/wv2.changes 2006-01-25 21:42:53.000000000 +0100 +++ wv2/wv2.changes 2006-06-28 15:09:00.000000000 +0200 @@ -1,0 +2,5 @@ +Wed Jun 28 15:08:47 CEST 2006 - ltinkl@suse.cz + +- fix #183984 - VUL-0: wv2 missing bounds check + +------------------------------------------------------------------- New: ---- bounds.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ wv2.spec ++++++ --- /var/tmp/diff_new_pack.7tkzz7/_old 2006-06-28 19:01:14.000000000 +0200 +++ /var/tmp/diff_new_pack.7tkzz7/_new 2006-06-28 19:01:14.000000000 +0200 @@ -1,11 +1,11 @@ # # spec file for package wv2 (Version 0.2.2) # -# Copyright (c) 2005 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany. # This file and all modifications and additions to the pristine # package are under the same license as the package itself. # -# Please submit bugfixes or comments via http://www.suse.de/feedback/ +# Please submit bugfixes or comments via http://bugs.opensuse.org/ # # norootforbuild @@ -16,11 +16,12 @@ Group: System/Libraries Autoreqprov: on Version: 0.2.2 -Release: 7 +Release: 21 Summary: library to import Microsoft Word documents Source: %name-%{version}.tar.bz2 URL: http://sourceforge.net/projects/wvware Patch: %name.diff +Patch2: bounds.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -58,6 +59,7 @@ %prep %setup -q %patch +%patch2 %build rm -rf autom4te.cache @@ -105,6 +107,8 @@ /%_libdir/libwv2.so %changelog -n wv2 +* Wed Jun 28 2006 - ltinkl@suse.cz +- fix #183984 - VUL-0: wv2 missing bounds check * Wed Jan 25 2006 - mls@suse.de - converted neededforbuild to BuildRequires * Mon Sep 26 2005 - mls@suse.de ++++++ bounds.diff ++++++ --- src/word_helper.h +++ src/word_helper.h @@ -552,8 +552,12 @@ const U8 tmp = m_fkp.m_rgb[ m_index ].offset; // Now we have to calculate the real offset and then locate it // within our cached array... - if ( tmp != 0 ) - return &m_fkp.m_fkp[ tmp * 2 - m_fkp.m_internalOffset ]; + if ( tmp != 0 ) { + const int pos = tmp * 2 - m_fkp.m_internalOffset; + if (pos < 0 || pos >= 511 - m_fkp.m_internalOffset) + return 0; + return &m_fkp.m_fkp[ pos ]; + } } return 0; } ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-commit-unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit-help@opensuse.org