Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 142420 Details for
Bug 208464
<dev-lang/tk-8.4.18-r1, <dev-util/sourcenav-5.1.4, <dev-util/insight-6.7.1-r1, <dev-perl/perl-tk-804.028-r2 (...): malformed GIF buffer overflow (CVE-2008-0553)
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
patch with testcase
tkImgGIF.patch (text/plain), 2.52 KB, created by
Raphael Marichez (Falco) (RETIRED)
on 2008-02-01 18:00:07 UTC
(
hide
)
Description:
patch with testcase
Filename:
MIME Type:
Creator:
Raphael Marichez (Falco) (RETIRED)
Created:
2008-02-01 18:00:07 UTC
Size:
2.52 KB
patch
obsolete
>Index: generic/tkImgGIF.c >=================================================================== >RCS file: /cvsroot/tktoolkit/tk/generic/tkImgGIF.c,v >retrieving revision 1.24.2.5 >diff -u -r1.24.2.5 tkImgGIF.c >--- generic/tkImgGIF.c 11 Sep 2007 18:01:45 -0000 1.24.2.5 >+++ generic/tkImgGIF.c 25 Jan 2008 19:23:01 -0000 >@@ -826,6 +826,12 @@ > Tcl_PosixError(interp), (char *) NULL); > return TCL_ERROR; > } >+ >+ if (initialCodeSize > MAX_LWZ_BITS) { >+ Tcl_SetResult(interp, "malformed image", TCL_STATIC); >+ return TCL_ERROR; >+ } >+ > if (transparent != -1) { > cmap[transparent][CM_RED] = 0; > cmap[transparent][CM_GREEN] = 0; >Index: tests/imgPhoto.test >=================================================================== >RCS file: /cvsroot/tktoolkit/tk/tests/imgPhoto.test,v >retrieving revision 1.15.2.5 >diff -u -r1.15.2.5 imgPhoto.test >--- tests/imgPhoto.test 11 Sep 2007 18:01:46 -0000 1.15.2.5 >+++ tests/imgPhoto.test 25 Jan 2008 19:23:01 -0000 >@@ -681,6 +681,35 @@ > image delete $i > } > >+test imgPhoto-14.4 {GIF buffer overflow} -setup { >+ set i [image create photo] >+} -body { >+ # This crashes Tk up to 8.4.17 and 8.5.0 >+ $i configure -data { >+ R0lGODlhCgAKAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/ >+ AP//AAAA//8A/wD//////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA >+ AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA >+ AAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBmAABmMwBmZgBm >+ mQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/ >+ AAD/MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMz >+ mTMzzDMz/zNmADNmMzNmZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPM >+ ADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/mTP/zDP//2YAAGYAM2YAZmYA >+ mWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZmzGZm/2aZ >+ AGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/ >+ mWb/zGb//5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lm >+ AJlmM5lmZplmmZlmzJlm/5mZAJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnM >+ mZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwAM8wAZswAmcwAzMwA/8wz >+ AMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZZsyZ >+ mcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8A >+ AP8AM/8AZv8Amf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9m >+ mf9mzP9m//+ZAP+ZM/+ZZv+Zmf+ZzP+Z///MAP/MM//MZv/Mmf/MzP/M//// >+ AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAAKAAoAABUSAAD/HEiwoMGD >+ CBMqXMiwYcKAADs= >+ } >+} -cleanup { >+ image delete $i >+} -returnCodes error -result {malformed image} >+ > test imgPhoto-15.1 {photo images can fail to allocate memory gracefully} \ > {nonPortable} { > # This is not portable to very large machines with more around
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=142420">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 208464
: 142420
