* [gentoo-commits] gentoo-x86 commit in x11-libs/gdk-pixbuf/files: gdk-pixbuf-2.24.1-xbm-overflow.patch
@ 2012-04-14 20:52 Alexandre Rostovtsev (tetromino)
0 siblings, 0 replies; 2+ messages in thread
From: Alexandre Rostovtsev (tetromino) @ 2012-04-14 20:52 UTC (permalink / raw
To: gentoo-commits
tetromino 12/04/14 20:52:57
Added: gdk-pixbuf-2.24.1-xbm-overflow.patch
Log:
Fix integer overflow in xbm loader (bug #412033).
(Portage version: 2.2.0_alpha100/cvs/Linux x86_64)
Revision Changes Path
1.1 x11-libs/gdk-pixbuf/files/gdk-pixbuf-2.24.1-xbm-overflow.patch
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/x11-libs/gdk-pixbuf/files/gdk-pixbuf-2.24.1-xbm-overflow.patch?rev=1.1&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/x11-libs/gdk-pixbuf/files/gdk-pixbuf-2.24.1-xbm-overflow.patch?rev=1.1&content-type=text/plain
Index: gdk-pixbuf-2.24.1-xbm-overflow.patch
===================================================================
From 4f0f465f991cd454d03189497f923eb40c170c22 Mon Sep 17 00:00:00 2001
From: Matthias Clasen <mclasen@redhat.com>
Date: Sat, 14 Apr 2012 14:21:09 -0400
Subject: [PATCH] Avoid an integer overflow in the xbm loader
At the same time, reject some silly input, such as negative
width or height.
https://bugzilla.gnome.org/show_bug.cgi?id=672811
---
gdk-pixbuf/io-xbm.c | 12 ++++++++++--
1 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/gdk-pixbuf/io-xbm.c b/gdk-pixbuf/io-xbm.c
index 46653b9..4f3e1e8 100644
--- a/gdk-pixbuf/io-xbm.c
+++ b/gdk-pixbuf/io-xbm.c
@@ -183,10 +183,16 @@ read_bitmap_file_data (FILE *fstream,
type++;
}
- if (!strcmp ("width", type))
+ if (!strcmp ("width", type)) {
+ if (value <= 0)
+ RETURN (FALSE);
ww = (unsigned int) value;
- if (!strcmp ("height", type))
+ }
+ if (!strcmp ("height", type)) {
+ if (value <= 0)
+ RETURN (FALSE);
hh = (unsigned int) value;
+ }
if (!strcmp ("hot", type)) {
if (type-- == name_and_type
|| type-- == name_and_type)
@@ -231,6 +237,8 @@ read_bitmap_file_data (FILE *fstream,
bytes_per_line = (ww+7)/8 + padding;
size = bytes_per_line * hh;
+ if (size / bytes_per_line != hh) /* overflow */
+ RETURN (FALSE);
bits = g_malloc (size);
if (version10p) {
--
1.7.8.5
^ permalink raw reply related [flat|nested] 2+ messages in thread
* [gentoo-commits] gentoo-x86 commit in x11-libs/gdk-pixbuf/files: gdk-pixbuf-2.24.1-xbm-overflow.patch
@ 2013-06-09 11:11 Pacho Ramos (pacho)
0 siblings, 0 replies; 2+ messages in thread
From: Pacho Ramos (pacho) @ 2013-06-09 11:11 UTC (permalink / raw
To: gentoo-commits
pacho 13/06/09 11:11:43
Removed: gdk-pixbuf-2.24.1-xbm-overflow.patch
Log:
Version bump, drop old
(Portage version: 2.1.12.2/cvs/Linux x86_64, signed Manifest commit with key A188FBD4)
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2013-06-09 11:11 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-06-09 11:11 [gentoo-commits] gentoo-x86 commit in x11-libs/gdk-pixbuf/files: gdk-pixbuf-2.24.1-xbm-overflow.patch Pacho Ramos (pacho)
-- strict thread matches above, loose matches on Subject: below --
2012-04-14 20:52 Alexandre Rostovtsev (tetromino)
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox