18 lines
851 B
Diff
18 lines
851 B
Diff
Description: Fix integer overflow in graphics mode (CVE-2013-6050)
|
|
Author: Mikulas Patocka <mikulas@artax.karlin.mff.cuni.cz>
|
|
Bug-CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6050
|
|
|
|
Index: links-2.7/html_tbl.c
|
|
===================================================================
|
|
--- links-2.7.orig/html_tbl.c 2013-11-22 01:57:29.000000000 +0100
|
|
+++ links-2.7/html_tbl.c 2013-11-22 01:58:30.000000000 +0100
|
|
@@ -1550,6 +1550,8 @@ static void add_to_rect_sets(struct rect
|
|
static void add_to_cell_sets(struct table_cell ****s, int **nn, int *n, struct rect *r, struct table_cell *c)
|
|
{
|
|
int i, j;
|
|
+ if (r->y1 < 0 || r->y2 < 0)
|
|
+ fatal_exit("add_to_cell_sets: integer overflow: %d, %d", r->y1, r->y2);
|
|
for (i = r->y1 >> RECT_BOUND_BITS; i <= (r->y2 - 1) >> RECT_BOUND_BITS; i++) {
|
|
if (i >= *n) {
|
|
struct table_cell ***ns;
|