Remove all firmware

author: davidovski <david@davidovski.xyz> 2023-05-17 17:01:27 +0100
committer: davidovski <david@davidovski.xyz> 2023-05-17 17:01:27 +0100
commit: 0d37a1ef234c38b27faba43bc3a22f985d311deb (patch)
tree: dde8df9f508e7323c3d7df599ceade7705c40acd /repo/djvulibre/djvulibre-3.5.27-unsigned-short-overflow.patch
parent: f29d569cd33a73da5ad675f43a34ad53c5cc9bc6 (diff)
1 files changed, 21 insertions, 0 deletions
diff --git a/repo/djvulibre/djvulibre-3.5.27-unsigned-short-overflow.patch b/repo/djvulibre/djvulibre-3.5.27-unsigned-short-overflow.patch
new file mode 100644
index 0000000..c7a6f3a
--- /dev/null
+++ b/repo/djvulibre/djvulibre-3.5.27-unsigned-short-overflow.patch
@@ -0,0 +1,21 @@
+diff --git a/libdjvu/GBitmap.cpp b/libdjvu/GBitmap.cpp
+index c2fdbe4..e271a1d 100644
+--- a/libdjvu/GBitmap.cpp
++++ b/libdjvu/GBitmap.cpp
+@@ -69,6 +69,7 @@
+ #include <stddef.h>
+ #include <stdlib.h>
+ #include <string.h>
++#include <limits.h>
+ 
+ // - Author: Leon Bottou, 05/1997
+ 
+@@ -1284,6 +1285,8 @@ GBitmap::decode(unsigned char *runs)
+   // initialize pixel array
+   if (nrows==0 || ncolumns==0)
+     G_THROW( ERR_MSG("GBitmap.not_init") );
++  if (ncolumns > USHRT_MAX - border)
++    G_THROW("GBitmap: row size exceeds maximum (corrupted file?)");
+   bytes_per_row = ncolumns + border;
+   if (runs==0)
+     G_THROW( ERR_MSG("GBitmap.null_arg") );
author	davidovski <david@davidovski.xyz>	2023-05-17 17:01:27 +0100
committer	davidovski <david@davidovski.xyz>	2023-05-17 17:01:27 +0100
commit	0d37a1ef234c38b27faba43bc3a22f985d311deb (patch)
tree	dde8df9f508e7323c3d7df599ceade7705c40acd /repo/djvulibre/djvulibre-3.5.27-unsigned-short-overflow.patch
parent	f29d569cd33a73da5ad675f43a34ad53c5cc9bc6 (diff)