gnu/packages/patches/jasper-CVE-2008-3522.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14

Fix CVE-2008-3522 (buffer overflow in 'jas_stream_printf').
Patch from <https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3522>.

--- jasper-1.900.1/src/libjasper/base/jas_stream.c	2008-09-08 14:56:01.000000000 +0200
+++ jasper-1.900.1/src/libjasper/base/jas_stream.c	2008-09-08 14:58:16.000000000 +0200
@@ -553,7 +553,7 @@ int jas_stream_printf(jas_stream_t *stre
 	int ret;
 
 	va_start(ap, fmt);
-	ret = vsprintf(buf, fmt, ap);
+	ret = vsnprintf(buf, sizeof buf, fmt, ap);
 	jas_stream_puts(stream, buf);
 	va_end(ap);
 	return ret;