Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 142420 Details for
Bug 208464
<dev-lang/tk-8.4.18-r1, <dev-util/sourcenav-5.1.4, <dev-util/insight-6.7.1-r1, <dev-perl/perl-tk-804.028-r2 (...): malformed GIF buffer overflow (CVE-2008-0553)
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
patch with testcase
tkImgGIF.patch (text/plain), 2.52 KB, created by
Raphael Marichez (Falco) (RETIRED)
on 2008-02-01 18:00:07 UTC
(
hide
)
Description:
patch with testcase
Filename:
MIME Type:
Creator:
Raphael Marichez (Falco) (RETIRED)
Created:
2008-02-01 18:00:07 UTC
Size:
2.52 KB
patch
obsolete
>Index: generic/tkImgGIF.c >=================================================================== >RCS file: /cvsroot/tktoolkit/tk/generic/tkImgGIF.c,v >retrieving revision 1.24.2.5 >diff -u -r1.24.2.5 tkImgGIF.c >--- generic/tkImgGIF.c 11 Sep 2007 18:01:45 -0000 1.24.2.5 >+++ generic/tkImgGIF.c 25 Jan 2008 19:23:01 -0000 >@@ -826,6 +826,12 @@ > Tcl_PosixError(interp), (char *) NULL); > return TCL_ERROR; > } >+ >+ if (initialCodeSize > MAX_LWZ_BITS) { >+ Tcl_SetResult(interp, "malformed image", TCL_STATIC); >+ return TCL_ERROR; >+ } >+ > if (transparent != -1) { > cmap[transparent][CM_RED] = 0; > cmap[transparent][CM_GREEN] = 0; >Index: tests/imgPhoto.test >=================================================================== >RCS file: /cvsroot/tktoolkit/tk/tests/imgPhoto.test,v >retrieving revision 1.15.2.5 >diff -u -r1.15.2.5 imgPhoto.test >--- tests/imgPhoto.test 11 Sep 2007 18:01:46 -0000 1.15.2.5 >+++ tests/imgPhoto.test 25 Jan 2008 19:23:01 -0000 >@@ -681,6 +681,35 @@ > image delete $i > } > >+test imgPhoto-14.4 {GIF buffer overflow} -setup { >+ set i [image create photo] >+} -body { >+ # This crashes Tk up to 8.4.17 and 8.5.0 >+ $i configure -data { >+ R0lGODlhCgAKAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/ >+ AP//AAAA//8A/wD//////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA >+ AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA >+ AAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBmAABmMwBmZgBm >+ mQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/ >+ AAD/MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMz >+ mTMzzDMz/zNmADNmMzNmZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPM >+ ADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/mTP/zDP//2YAAGYAM2YAZmYA >+ mWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZmzGZm/2aZ >+ AGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/ >+ mWb/zGb//5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lm >+ AJlmM5lmZplmmZlmzJlm/5mZAJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnM >+ mZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwAM8wAZswAmcwAzMwA/8wz >+ AMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZZsyZ >+ mcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8A >+ AP8AM/8AZv8Amf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9m >+ mf9mzP9m//+ZAP+ZM/+ZZv+Zmf+ZzP+Z///MAP/MM//MZv/Mmf/MzP/M//// >+ AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAAKAAoAABUSAAD/HEiwoMGD >+ CBMqXMiwYcKAADs= >+ } >+} -cleanup { >+ image delete $i >+} -returnCodes error -result {malformed image} >+ > test imgPhoto-15.1 {photo images can fail to allocate memory gracefully} \ > {nonPortable} { > # This is not portable to very large machines with more around
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 208464
: 142420