Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 39049 Details for
Bug 62487
media-libs/imlib-1.9.14: BMP Decoding Buffer Overflow May Let Remote Users Execute Arbitrary Code
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch from meissner@suse.de
imlib-CAN-2004-0817.patch (text/plain), 906 bytes, created by
Matthias Geerdsen (RETIRED)
on 2004-09-06 07:26:54 UTC
(
hide
)
Description:
Patch from meissner@suse.de
Filename:
MIME Type:
Creator:
Matthias Geerdsen (RETIRED)
Created:
2004-09-06 07:26:54 UTC
Size:
906 bytes
patch
obsolete
>--- imlib-1.9.14/gdk_imlib/io-bmp.c.fix 2004-08-25 15:33:08.000000000 +0200 >+++ imlib-1.9.14/gdk_imlib/io-bmp.c 2004-08-25 15:34:20.019333927 +0200 >@@ -42,12 +42,12 @@ > fread(dbuf, 4, 2, file); > *w = (int)dbuf[0]; > *h = (int)dbuf[1]; >- if (*w > 32767) >+ if ((*w < 0) || (*w > 32767)) > { > fprintf(stderr, "IMLIB ERROR: Image width > 32767 pixels for file\n"); > return NULL; > } >- if (*h > 32767) >+ if ((*h > 32767) || (*h < 0)) > { > fprintf(stderr, "IMLIB ERROR: Image height > 32767 pixels for file\n"); > return NULL; >@@ -72,6 +72,10 @@ > ncolors = (int)dbuf[0]; > if (ncolors == 0) > ncolors = 1 << bpp; >+ >+ if ((ncolors > (1 << bpp)) || (ncolors < 0)) >+ ncolors = 1 << bpp; >+ > /* some more sanity checks */ > if (((comp == BI_RLE4) && (bpp != 4)) || ((comp == BI_RLE8) && (bpp != 8)) || ((comp == BI_BITFIELDS) && (bpp != 16 && bpp != 32))) > {
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=39049">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 62487
: 39049 |
39050
|
39067
