Skip to content
Permalink
Browse files

ofz#817 nStrLen-1 changed to nStrLen-3

regression from...

commit ff8f662
Author: Caolán McNamara <caolanm@redhat.com>
Date:   Thu Jan 19 16:56:34 2017 +0000

    Resolves: ofz#424 guard against broken dxary length

but this weird typo doesn't appears in the 5-2 and 5-3 backports,
odd how I managed that

Change-Id: I5fb1db2284d48ee78e717d41274a3d37ab0255cf
  • Loading branch information...
Caolán McNamara
Caolán McNamara committed Mar 11, 2017
1 parent 4415341 commit 28e61b634353110445e334ccaa415d7fb6629d62
Showing with 1 addition and 1 deletion.
  1. +1 −1 vcl/source/gdi/svmconverter.cxx
@@ -988,7 +988,7 @@ void SVMConverter::ImplConvertFromSVM1( SvStream& rIStm, GDIMetaFile& rMtf )
// difference to last elem and store
// in very last.
if( nStrLen > 1 )
pDXAry[ nStrLen-3 ] = pDXAry[ nStrLen-2 ] + pTmpAry[ nStrLen-1 ] - pTmpAry[ nStrLen-2 ];
pDXAry[ nStrLen-1 ] = pDXAry[ nStrLen-2 ] + pTmpAry[ nStrLen-1 ] - pTmpAry[ nStrLen-2 ];
else
pDXAry[ nStrLen-1 ] = pTmpAry[ nStrLen-1 ]; // len=1: 0th position taken to be 0
}

2 comments on commit 28e61b6

@carnil

This comment has been minimized.

Copy link

replied Apr 14, 2017

The issue fixed by this commit has been assigned CVE-2017-7856

@caolanm

This comment has been minimized.

Copy link

replied Apr 21, 2017

This particular CVE refers specifically to https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=817 which is a bug introduced on the 19 Jan 2017 and fixed on 11 March 2017, so there was never a release with this bug in it.

Please sign in to comment.
You can’t perform that action at this time.