kdelibs3/kdelibs-3.5.4-CVE-2009-1687.patch

--- kdelibs-3.5.4/kjs/collector.cpp.CVE-2009-1687	2009-06-17 15:07:33.000000000 +0200
+++ kdelibs-3.5.4/kjs/collector.cpp	2009-06-20 00:42:48.000000000 +0200
@@ -23,6 +23,7 @@
 
 #include "value.h"
 #include "internal.h"
+#include <limits.h>
 
 #ifndef MAX
 #define MAX(a,b) ((a) > (b) ? (a) : (b))
@@ -119,6 +120,9 @@
     // didn't find one, need to allocate a new block
 
     if (heap.usedBlocks == heap.numBlocks) {
+      static const size_t maxNumBlocks = ULONG_MAX / sizeof(CollectorBlock*) / GROWTH_FACTOR;
+      if (heap.numBlocks > maxNumBlocks)
+          return 0L;
       heap.numBlocks = MAX(MIN_ARRAY_SIZE, heap.numBlocks * GROWTH_FACTOR);
       heap.blocks = (CollectorBlock **)realloc(heap.blocks, heap.numBlocks * sizeof(CollectorBlock *));
     }