Skip to content

Commit

Permalink
ofz#817 nStrLen-1 changed to nStrLen-3
Browse files Browse the repository at this point in the history 
regression from...

commit ff8f662
Author: Caolán McNamara <caolanm@redhat.com>
Date:   Thu Jan 19 16:56:34 2017 +0000

    Resolves: ofz#424 guard against broken dxary length

but this weird typo doesn't appears in the 5-2 and 5-3 backports,
odd how I managed that

Change-Id: I5fb1db2284d48ee78e717d41274a3d37ab0255cf
  • Loading branch information
Caolán McNamara committed Mar 11, 2017
1 parent 4415341 commit 28e61b6
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion vcl/source/gdi/svmconverter.cxx
View file
Expand Up @@ -988,7 +988,7 @@ void SVMConverter::ImplConvertFromSVM1( SvStream& rIStm, GDIMetaFile& rMtf )
// difference to last elem and store // difference to last elem and store
// in very last. // in very last.
if( nStrLen > 1 ) if( nStrLen > 1 )
pDXAry[ nStrLen-3 ] = pDXAry[ nStrLen-2 ] + pTmpAry[ nStrLen-1 ] - pTmpAry[ nStrLen-2 ]; pDXAry[ nStrLen-1 ] = pDXAry[ nStrLen-2 ] + pTmpAry[ nStrLen-1 ] - pTmpAry[ nStrLen-2 ];
else else
pDXAry[ nStrLen-1 ] = pTmpAry[ nStrLen-1 ]; // len=1: 0th position taken to be 0 pDXAry[ nStrLen-1 ] = pTmpAry[ nStrLen-1 ]; // len=1: 0th position taken to be 0
} }
Expand Down

2 comments on commit 28e61b6

@carnil
Copy link

@carnil carnil commented on 28e61b6 Apr 14, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The issue fixed by this commit has been assigned CVE-2017-7856

@caolanm
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This particular CVE refers specifically to https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=817 which is a bug introduced on the 19 Jan 2017 and fixed on 11 March 2017, so there was never a release with this bug in it.

Please sign in to comment.