Diffstat (limited to 'enscript-CVE-vasnprintf.patch')
-rw-r--r--enscript-CVE-vasnprintf.patch15
1 files changed, 15 insertions, 0 deletions
diff --git a/enscript-CVE-vasnprintf.patch b/enscript-CVE-vasnprintf.patch
new file mode 100644
index 0000000..623f2ab
--- /dev/null
+++ b/enscript-CVE-vasnprintf.patch
@@ -0,0 +1,15 @@
+diff --git a/intl/vasnprintf.c b/intl/vasnprintf.c
+index 4a8e7f0..65ade71 100644
+--- a/intl/vasnprintf.c
++++ b/intl/vasnprintf.c
+@@ -758,7 +758,9 @@ convert_to_decimal (mpn_t a, size_t extra_zeroes)
+ size_t a_len = a.nlimbs;
+ /* 0.03345 is slightly larger than log(2)/(9*log(10)). */
+ size_t c_len = 9 * ((size_t)(a_len * (GMP_LIMB_BITS * 0.03345f)) + 1);
+- char *c_ptr = (char *) malloc (xsum (c_len, extra_zeroes));
++ /* We need extra_zeroes bytes for zeroes, followed by c_len bytes for the
++ digits of a, followed by 1 byte for the terminating NUL. */
++ char *c_ptr = (char *) malloc (xsum (xsum (extra_zeroes, c_len), 1));
+ if (c_ptr != NULL)
+ {
+ char *d_ptr = c_ptr;
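Review bot: The new patch file begins directly at `diff --git a/intl/vasnprintf.c b/intl/vasnprintf.c` with no header, so although the filename calls it a CVE fix, nothing in the file says which CVE it addresses or which upstream commit it came from. I would add a few header lines above the first `diff --git`, for example `Description: convert_to_decimal allocated one byte too few (no room for the terminating NUL)`, `CVE: <CVE-ID>` and `Origin: <upstream commit URL>`, so the fix can be matched against advisories and dropped cleanly when upstream is rebased. The allocation change itself reads correctly, assuming `xsum` saturates on overflow so that an oversized request makes `malloc` fail into the existing `c_ptr != NULL` check. The body of `convert_to_decimal` continues past the end of the embedded hunk, so the write that uses the extra byte is not visible here.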