summary refs log tree commit diff
path: root/pkgs/tools/graphics/zbar/0.23.92-CVE-2023-40889.patch
diff options
context:
space:
mode:
Diffstat (limited to 'pkgs/tools/graphics/zbar/0.23.92-CVE-2023-40889.patch')
-rw-r--r--pkgs/tools/graphics/zbar/0.23.92-CVE-2023-40889.patch17
1 files changed, 17 insertions, 0 deletions
diff --git a/pkgs/tools/graphics/zbar/0.23.92-CVE-2023-40889.patch b/pkgs/tools/graphics/zbar/0.23.92-CVE-2023-40889.patch
new file mode 100644
index 00000000000..7b7ca5a0bef
--- /dev/null
+++ b/pkgs/tools/graphics/zbar/0.23.92-CVE-2023-40889.patch
@@ -0,0 +1,17 @@
+Simple bounds checks for CVE-2023-40889, based on third-party
+fix by Remi Meier @
+https://github.com/Raemi/zbar/commit/5e8acc6974f17e56c3ddaa5509870beb8d7a599c
+
+--- a/zbar/qrcode/qrdec.c
++++ b/zbar/qrcode/qrdec.c
+@@ -3900,8 +3900,8 @@ void qr_reader_match_centers(qr_reader *_reader,qr_code_data_list *_qrlist,
+     /*TODO: We might be able to accelerate this step significantly by
+        considering the remaining finder centers in a more intelligent order,
+        based on the first finder center we just chose.*/
+-    for(j=i+1;!mark[i]&&j<_ncenters;j++){
+-      for(k=j+1;!mark[j]&&k<_ncenters;k++)if(!mark[k]){
++    for(j=i+1; i < _ncenters && !mark[i]&&j<_ncenters;j++){
++      for(k=j+1; j < _ncenters && !mark[j]&&k<_ncenters;k++)if(!mark[k]){
+         qr_finder_center *c[3];
+         qr_code_data      qrdata;
+         int               version;
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-05-14 03:37:38 +0000