Diffstat (limited to 'pkgs/tools/graphics/zbar/0.23.92-CVE-2023-40890.patch')
-rw-r--r-- | pkgs/tools/graphics/zbar/0.23.92-CVE-2023-40890.patch | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/pkgs/tools/graphics/zbar/0.23.92-CVE-2023-40890.patch b/pkgs/tools/graphics/zbar/0.23.92-CVE-2023-40890.patch
new file mode 100644
index 00000000000..3576df214ae
--- /dev/null
+++ b/pkgs/tools/graphics/zbar/0.23.92-CVE-2023-40890.patch
@@ -0,0 +1,26 @@
+Simple bounds checks for CVE-2023-40890
+
+--- a/zbar/decoder/databar.c
++++ b/zbar/decoder/databar.c
+@@ -23,6 +23,8 @@
+
+ #include <config.h>
+ #include <zbar.h>
++#include <stdlib.h>
++#include <stdio.h>
+
+ #ifdef DEBUG_DATABAR
+ # define DEBUG_LEVEL (DEBUG_DATABAR)
+@@ -691,6 +693,12 @@ lookup_sequence (databar_segment_t *seg,
+ fixed = -1;
+ s <<= 1;
+ dbprintf(2, "%x", s);
++
++ if (i > 20) {
++ fprintf(stderr, "Bug: Out-of-bounds condition detected\n");
++ exit(99);
++ }
++
+ seq[i++] = s++;
+ seq[i++] = s;
+ } |
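Review bot: The new guard `if (i > 20)` in the lookup_sequence hunk is followed by two stores, `seq[i++] = s++; seq[i++] = s;`, so it admits i == 20 and then writes seq[20] and seq[21]; whether that is in bounds depends on the declared length of seq, which is not visible in this hunk, and if seq holds fewer than 22 elements the check is off by one. Expressing the bound in terms of the array rather than the literal 20 would make the intent checkable, e.g. `if (i + 1 >= sizeof seq / sizeof seq[0])` if seq is an actual array here, or a named constant for its length otherwise. Calling `exit(99)` from inside a library decoder also turns a malformed or hostile barcode image into a hard termination of the whole host process, which is a denial-of-service the library should not impose on its embedder; if lookup_sequence can signal failure to its caller, returning an error and discarding the segment would be the safer remedy, and a short comment above the guard stating that the condition indicates corrupted decoder state (as the "Bug:" message implies) would help the next reader. lookup_sequence's body begins and ends outside this hunk.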