Accepting request 931707 from devel:libraries:c_c++
- Add gmp-6.2.1-CVE-2021-43618.patch to fix buffer overflow on malformed input to mpz_inp_raw. [bsc#1192717, CVE-2021-43618] OBS-URL: https://build.opensuse.org/request/show/931707 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gmp?expand=0&rev=59factory
Dominique Leuenberger
2 years ago
committed by
Git OBS Bridge
commit
4f594d1983
@ -0,0 +1,25 @@
|
||||
|
||||
# HG changeset patch
|
||||
# User Marco Bodrato <bodrato@mail.dm.unipi.it>
|
||||
# Date 1634836009 -7200
|
||||
# Node ID 561a9c25298e17bb01896801ff353546c6923dbd
|
||||
# Parent e1fd9db13b475209a864577237ea4b9105b3e96e
|
||||
mpz/inp_raw.c: Avoid bit size overflows
|
||||
|
||||
diff -r e1fd9db13b47 -r 561a9c25298e mpz/inp_raw.c
|
||||
--- a/mpz/inp_raw.c Tue Dec 22 23:49:51 2020 +0100
|
||||
+++ b/mpz/inp_raw.c Thu Oct 21 19:06:49 2021 +0200
|
||||
@@ -88,8 +88,11 @@
|
||||
|
||||
abs_csize = ABS (csize);
|
||||
|
||||
+ if (UNLIKELY (abs_csize > ~(mp_bitcnt_t) 0 / 8))
|
||||
+ return 0; /* Bit size overflows */
|
||||
+
|
||||
/* round up to a multiple of limbs */
|
||||
- abs_xsize = BITS_TO_LIMBS (abs_csize*8);
|
||||
+ abs_xsize = BITS_TO_LIMBS ((mp_bitcnt_t) abs_csize * 8);
|
||||
|
||||
if (abs_xsize != 0)
|
||||
{
|
||||
|
||||
Loading…
Reference in New Issue