authorTom Lane <tgl@redhat.com>2009-01-09 00:43:05 +0100
committerChristoph Brill <egore911@egore911.de>2009-01-09 00:43:05 +0100
commite5ce159199b736694bd93c75f0eec944600aea9b (patch)
tree022d4dd21712d69dc2f7c49db5adeaed954eb591
parent06977034874aac38d3559781af5688cac7ab8d25 (diff)
[PATCH] libjpeg-buf-oflo.patch
Dike out a section of code that has no usefulness on Unix-like systems, and will crash if fed a comment string exceeding 64K. Per report from Lubomir Kundrak, RH bug #226965
-rw-r--r--wrjpgcom.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/wrjpgcom.c b/wrjpgcom.c
index 8c04b05..b7b5a1a 100644
--- a/wrjpgcom.c
+++ b/wrjpgcom.c
@@ -446,6 +446,8 @@ main (int argc, char **argv)
} else if (keymatch(arg, "comment", 1)) {
if (++argn >= argc) usage();
comment_arg = argv[argn];
+#if 0
+#error "There is a buffer overflow in the code below"
/* If the comment text starts with '"', then we are probably running
* under MS-DOG and must parse out the quoted string ourselves. Sigh.
*/
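Review bot: The `#if 0` added at the top of the `-comment` branch leaves the reason for disabling the parser only in the `#error` text, which does not say what overflows or under which input. A maintainer who flips the guard to restore quoted-comment parsing gets a build failure but no pointer to the fix. I would add a comment above the guard such as `/* Disabled: the parser below appends argv words with unbounded strcat and overflows on comments over 64K (RH bug #226965); add length checks before re-enabling. */`. The guard also removes the feature on every platform rather than only Unix-like ones, so bounding the copies instead of compiling them out would keep behaviour where the shell does not handle quoting. The disabled region runs to the `#endif` in the next hunk, and `main` itself starts and ends outside both hunks.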
@@ -466,6 +468,7 @@ main (int argc, char **argv)
strcat(comment_arg, argv[argn]);
}
}
+#endif
comment_length = (unsigned int) strlen(comment_arg);
} else
usage();
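Review bot: After the `#endif`, `comment_length` is taken from `strlen(comment_arg)` with no upper bound visible in this hunk, so an over-long `-comment` argument now passes straight from `argv` to the marker writer. A JPEG COM segment has a 16-bit length field that counts its own two bytes, so at most 65533 bytes of text fit. Unless a limit is enforced later in `main` (not visible here), a longer argument would be written with a wrapped length and produce a malformed file. Consider rejecting it before the assignment, for example `if (strlen(comment_arg) > 65533) usage();`, ideally with a dedicated error message instead of the generic usage text.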