mono/mono-big-integer-CVE-2007-5197.patch

23 lines
848 B
Diff

--- mcs/class/corlib/Mono.Math/BigInteger.cs 2007-09-19 19:06:06.000000000 +0200
+++ mcs/class/corlib/Mono.Math/BigInteger.cs 2007-10-25 23:46:55.000000000 +0200
@@ -1607,7 +1607,7 @@
uint j = 1;
// Multiply and add
- for (; j < m.length; j++) {
+ for (; j < m.length && j < A.length; j++) {
c += (ulong)u_i * (ulong)*(mP++) + *(aSP++);
*(aDP++) = (uint)c;
c >>= 32;
--- mcs/class/Mono.Security/Mono.Math/BigInteger.cs 2007-07-24 23:48:50.000000000 +0200
+++ mcs/class/Mono.Security/Mono.Math/BigInteger.cs 2007-10-25 23:45:01.000000000 +0200
@@ -1601,7 +1601,7 @@
uint j = 1;
// Multiply and add
- for (; j < m.length; j++) {
+ for (; j < m.length && j < A.length; j++) {
c += (ulong)u_i * (ulong)*(mP++) + *(aSP++);
*(aDP++) = (uint)c;
c >>= 32;