[wv2/el5] backport msword filter overflow

Rex Dieter rdieter at fedoraproject.org
Sun Aug 5 22:46:41 UTC 2012 

commit 5a11b2e71890a010f72db95a4df7c46065c4eee8
Author: Rex Dieter <rdieter at fedoraproject.org>
Date:   Sun Aug 5 17:50:17 2012 -0500

    backport msword filter overflow

 wv2-0.2.3-overflow.patch |   15 +++++++++++++++
 wv2.spec                 |    8 +++++++-
 2 files changed, 22 insertions(+), 1 deletions(-)
---
diff --git a/wv2-0.2.3-overflow.patch b/wv2-0.2.3-overflow.patch
new file mode 100644
index 0000000..7b4ae69
--- /dev/null
+++ b/wv2-0.2.3-overflow.patch
@@ -0,0 +1,15 @@
+diff -up wv2-0.2.3/src/styles.cpp.overflow wv2-0.2.3/src/styles.cpp
+--- wv2-0.2.3/src/styles.cpp.overflow	2006-06-12 11:40:11.000000000 -0500
++++ wv2-0.2.3/src/styles.cpp	2012-08-05 17:47:05.038101800 -0500
+@@ -187,6 +187,11 @@ bool STD::read( U16 baseSize, U16 totalS
+ #ifdef WV2_DEBUG_STYLESHEET
+         wvlog << "cbUPX: " << cbUPX << std::endl;
+ #endif
++        // do not overflow the allocated buffer grupx
++        if (offset + cbUPX > grupxLen) {
++            wvlog << "====> Error: grupx would overflow!" << endl;
++            return false;
++        }
+         for ( U16 j = 0; j < cbUPX; ++j ) {
+             grupx[ offset + j ] = stream->readU8();  // read the whole UPX
+ #ifdef WV2_DEBUG_STYLESHEET
diff --git a/wv2.spec b/wv2.spec
index 33e5375..2da90a8 100644
--- a/wv2.spec
+++ b/wv2.spec
@@ -1,6 +1,6 @@
 Name:           wv2
 Version:        0.2.3
-Release:        3%{?dist}
+Release:        4%{?dist}
 Summary:        A library which allows access to Microsoft® Word files
 
 Group:          System Environment/Libraries
@@ -11,6 +11,8 @@ Source0:        http://dl.sf.net/wvware/wv2-0.2.3.tar.bz2
 Patch1:         wv2-0.2.2-no-undefined.patch
 # see bug #192291
 Patch2:         wv2-0.2.2-no-extra-libs.patch
+# backport calligra msword-odf overflow
+Patch3:         wv2-0.2.3-overflow.patch 
 
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
@@ -44,6 +46,7 @@ The wv2-devel package includes the header files necessary for developing.
 
 %patch1 -p1 -b .no-undefined
 %patch2 -p1 -b .extra_libs
+%patch3 -p1 -b .overflow
 
 ./autogen.sh
 
@@ -78,6 +81,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_includedir}/wv2
 
 %changelog
+* Sun Aug 05 2012 Rex Dieter <rdieter at fedoraproject.org> 0.2.3-4
+- backport msword filter overflow
+
 * Thu Aug 23 2007 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de> 0.2.3-3
 - new license tag

More information about the scm-commits mailing list