diff options
| author |   Matthias Maier <tamiko@gentoo.org> | 2018-08-16 16:59:36 -0500 |
|---|---|---|
| committer | Matthias Maier <tamiko@gentoo.org> | 2018-08-16 19:07:48 -0500 |
| commit | dfd415b17224737493b36a801d929b382061d82d (patch) | |
| tree | e4268c5e059a815fdfed9dbc326706ddb73bf424 /app-emulation/spice/files | |
| parent | app-emulation/spice: drop old (diff) | |
| download | gentoo-dfd415b17224737493b36a801d929b382061d82d.tar.gz gentoo-dfd415b17224737493b36a801d929b382061d82d.tar.bz2 gentoo-dfd415b17224737493b36a801d929b382061d82d.zip | |
app-emulation/spice: patch integer overflow, bug #663330
Bug: https://bugs.gentoo.org/663330
Package-Manager: Portage-2.3.46, Repoman-2.3.10
Diffstat (limited to 'app-emulation/spice/files')
| -rw-r--r-- | app-emulation/spice/files/spice-0.14.0-fix-flexible-array-buffer-overflow.patch | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/app-emulation/spice/files/spice-0.14.0-fix-flexible-array-buffer-overflow.patch b/app-emulation/spice/files/spice-0.14.0-fix-flexible-array-buffer-overflow.patch new file mode 100644 index 000000000000..a05bbb7545aa --- /dev/null +++ b/app-emulation/spice/files/spice-0.14.0-fix-flexible-array-buffer-overflow.patch @@ -0,0 +1,12 @@ +diff --git a/spice-common/python_modules/demarshal.py b/spice-common/python_modules/demarshal.py +index 1ea131d..7172762 100644 +--- a/spice-common/python_modules/demarshal.py ++++ b/spice-common/python_modules/demarshal.py +@@ -318,6 +318,7 @@ def write_validate_array_item(writer, container, item, scope, parent_scope, star + writer.assign(nelements, array.size) + elif array.is_remaining_length(): + if element_type.is_fixed_nw_size(): ++ writer.error_check("%s > message_end" % item.get_position()) + if element_type.get_fixed_nw_size() == 1: + writer.assign(nelements, "message_end - %s" % item.get_position()) + else: |