components/mpfr/patches/002-CVE-2014-9474-strtofr.c.patch
author Stefan Teleman <stefan.teleman@oracle.com>
Mon, 26 Jan 2015 06:15:58 -0800
changeset 3684 35dbb100a986
permissions -rw-r--r--
20300662 problem in LIBRARY/LIBMPFR

# Original patch for libmpfr 3.1.2 is here:
# http://www.mpfr.org/mpfr-3.1.2/patch11
# Backported to libmpfr 2.4.2.
--- strtofr.c	2009-11-29 18:43:08.000000000 -0800
+++ strtofr.c	2015-01-23 11:30:29.242406530 -0800
@@ -464,8 +464,10 @@
       /* prec bits corresponds to ysize limbs */
       ysize_bits = ysize * BITS_PER_MP_LIMB;
       /* and to ysize_bits >= prec > MPFR_PREC (x) bits */
-      y = (mp_limb_t*) MPFR_TMP_ALLOC ((2 * ysize + 1) * sizeof (mp_limb_t));
-      y += ysize; /* y has (ysize+1) allocated limbs */
+      /* we need to allocate one more limb to work around
+       * https://gmplib.org/list-archives/gmp-bugs/2013-December/003267.html */
+      y = (mp_limb_t*) MPFR_TMP_ALLOC ((2 * ysize + 2) * sizeof (mp_limb_t));
+      y += ysize; /* y has (ysize+2) allocated limbs */
 
       /* pstr_size is the number of characters we read in pstr->mant
          to have at least ysize full limbs.
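Review bot: The comment added above the `MPFR_TMP_ALLOC` call explains the extra limb only through a URL, so if the archive link disappears the reason for `2 * ysize + 2` is lost and a later cleanup could shrink the allocation back to the overflowing size. I would state the condition inline, for example `/* mpn_set_str may write one limb beyond what its documentation stated, so y needs ysize+2 limbs (gmp-bugs 2013-December/003267) */`. The code that consumes `y` lies outside this hunk, so that wording is inferred from the linked report and should be checked against the actual call. The page shows only the strtofr.c change; if the 2.4.2 backport has no regression test covering this allocation, one should accompany it.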