[freexl] 01/02: Add patch to fix 32 bit multiplication overflow.

Sebastiaan Couwenberg sebastic at moszumanska.debian.org
Wed Jul 15 20:35:07 UTC 2015 

This is an automated email from the git hooks/post-receive script.

sebastic pushed a commit to branch wheezy
in repository freexl.

commit a2c7861ccfebc78abdbcbb521383b5778a035f1f
Author: Bas Couwenberg <sebastic at xs4all.nl>
Date:   Wed Jul 15 22:27:25 2015 +0200

    Add patch to fix 32 bit multiplication overflow.
---
 debian/changelog                                   |  6 ++++
 debian/patches/32bit-multiplication-overflow.patch | 38 ++++++++++++++++++++++
 debian/patches/series                              |  1 +
 3 files changed, 45 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index f4d4b7e..f1c16c2 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+freexl (1.0.0b-1+deb7u2) UNRELEASED; urgency=medium
+
+  * Add patch to fix 32 bit multiplication overflow.
+
+ -- Bas Couwenberg <sebastic at debian.org>  Wed, 15 Jul 2015 22:27:07 +0200
+
 freexl (1.0.0b-1+deb7u1) wheezy-security; urgency=high
 
   * Add myself to Uploaders.
diff --git a/debian/patches/32bit-multiplication-overflow.patch b/debian/patches/32bit-multiplication-overflow.patch
new file mode 100644
index 0000000..9758146
--- /dev/null
+++ b/debian/patches/32bit-multiplication-overflow.patch
@@ -0,0 +1,38 @@
+Description: Fixing a critical bug (32 bit multiplication overflow) reported by RHEL maintainers
+Origin: https://www.gaia-gis.it/fossil/freexl/fdiff?v1=4f9408c216ead322&v2=44802d385bc32499&sbs=1
+Author: Alessandro Furieri <a.furieri at lqt.it>
+
+--- a/src/freexl.c
++++ b/src/freexl.c
+@@ -1060,6 +1060,7 @@ allocate_cells (biff_workbook * workbook
+ /* allocating the rows and cells for the active Worksheet */
+     unsigned int row;
+     unsigned int col;
++    double dsize;
+     biff_cell_value *p_cell;
+ 
+     if (workbook == NULL)
+@@ -1067,6 +1068,14 @@ allocate_cells (biff_workbook * workbook
+     if (workbook->active_sheet == NULL)
+         return FREEXL_NULL_ARGUMENT;
+ 
++/* testing for an unrealistically high memory size > 256MB */
++    dsize =
++	(double) sizeof (biff_cell_value) *
++	(double) (workbook->active_sheet->rows) *
++	(double) (workbook->active_sheet->columns);
++    if (dsize > 256.0 * 1024.0 * 1024.0)
++	return FREEXL_INSUFFICIENT_MEMORY;
++
+ /* allocating the cell values array */
+     workbook->active_sheet->cell_values =
+ 	malloc (sizeof (biff_cell_value) *
+@@ -1719,6 +1728,8 @@ parse_SST (biff_workbook * workbook, int
+             }
+ 	  workbook->shared_strings.utf8_strings =
+ 	      malloc (sizeof (char **) * workbook->shared_strings.string_count);
++	  if (workbook->shared_strings.utf8_strings == NULL)
++	      return FREEXL_INSUFFICIENT_MEMORY;
+ 	  for (i_string = 0; i_string < workbook->shared_strings.string_count;
+ 	       i_string++)
+ 	      *(workbook->shared_strings.utf8_strings + i_string) = NULL;
diff --git a/debian/patches/series b/debian/patches/series
index 079be2f..7fa2afa 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1 +1,2 @@
 afl-vulnerabilitities.patch
+32bit-multiplication-overflow.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-grass/freexl.git

More information about the Pkg-grass-devel mailing list