Gentoo's Bugzilla – Attachment 39702 Details for
Bug 64230
x11-libs/gtk+-2*, media-libs/gdk-pixbuf: Multiple Image Decoding Vulnerabilities
gdk-pixbuf-0.22.0-rh-alt-bound.patch
gdk-pixbuf-0.22.0-rh-alt-bound.patch (text/plain), 2.06 KB, created by
Sune Kloppenborg Jeppesen (RETIRED)
on 2004-09-16 09:18:08 UTC
Description:
gdk-pixbuf-0.22.0-rh-alt-bound.patch
>diff -uprk.orig gdk-pixbuf-0.22.0.orig/gdk-pixbuf/io-ico.c gdk-pixbuf-0.22.0/gdk-pixbuf/io-ico.c >--- gdk-pixbuf-0.22.0.orig/gdk-pixbuf/io-ico.c 2004-09-03 18:22:50 +0400 >+++ gdk-pixbuf-0.22.0/gdk-pixbuf/io-ico.c 2004-09-03 18:25:45 +0400 >@@ -330,6 +330,9 @@ DecodeHeader (guchar *Data, gint Bytes, > > State->HeaderSize+=I; > >+ if (State->HeaderSize < 0) >+ return FALSE; >+ > if (State->HeaderSize>State->BytesInHeaderBuf) { > guchar *tmp=realloc(State->HeaderBuf,State->HeaderSize); > if (!tmp) >diff -uprk.orig gdk-pixbuf-0.22.0.orig/gdk-pixbuf/io-xpm.c gdk-pixbuf-0.22.0/gdk-pixbuf/io-xpm.c >--- gdk-pixbuf-0.22.0.orig/gdk-pixbuf/io-xpm.c 2001-03-01 23:16:28 +0300 >+++ gdk-pixbuf-0.22.0/gdk-pixbuf/io-xpm.c 2004-09-03 18:36:20 +0400 >@@ -243,8 +243,8 @@ xpm_extract_color (const gchar *buffer) > break; > else { > if (numnames > 0) { >- space -= 1; >- strcat (color, " "); >+ strncat (color, " ", space); >+ space -= MIN (space, 1); > } > > strncat (color, temp, space); 
>@@ -352,16 +352,31 @@ pixbuf_create_from_xpm (const gchar * (* > return NULL; > } > sscanf (buffer, "%d %d %d %d", &w, &h, &n_col, &cpp); >- if (cpp >= 32) { >- g_warning ("XPM has more than 31 chars per pixel."); >+ if (cpp <= 0 || cpp >= 32) { >+ g_warning ("XPM has invalid number of chars per pixel"); >+ return NULL; >+ } >+ if (n_col <= 0 || n_col >= G_MAXINT / (cpp + 1)) { >+ g_warning ("XPM file has invalid number of colors"); > return NULL; > } > > /* The hash is used for fast lookups of color from chars */ > color_hash = g_hash_table_new (g_str_hash, g_str_equal); > >- name_buf = g_new (gchar, n_col * (cpp + 1)); >- colors = g_new (_XPMColor, n_col); >+ name_buf = g_try_malloc (n_col * (cpp + 1)); >+ if (!name_buf) { >+ g_warning ("Cannot allocate memory for loading XPM image"); >+ g_hash_table_destroy (color_hash); >+ return NULL; >+ } >+ colors = malloc (sizeof (_XPMColor) * n_col); >+ if (!colors) { >+ g_warning ("Cannot allocate memory for loading XPM image"); >+ g_hash_table_destroy (color_hash); >+ g_free (name_buf); >+ return NULL; >+ } > > for (cnt = 0; cnt < n_col; cnt++) { > gchar *color_name;
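Review bot: In the io-ico.c hunk (DecodeHeader), the new `if (State->HeaderSize < 0)` test runs after `State->HeaderSize+=I;`, so it only detects a wrap once the addition has already happened. If both operands are signed ints, as the `< 0` test implies, that overflow is undefined behaviour in C and the compiler may assume it never occurs. Validate `I` before adding, for example reject `I < 0` or `I > G_MAXINT - State->HeaderSize`. The hunk also sets no upper limit, so a large positive HeaderSize taken from the file still reaches `realloc(State->HeaderBuf,State->HeaderSize)`; a sanity cap on the header size would be worth adding here.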
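Review bot: In the first io-xpm.c hunk (xpm_extract_color), `strncat (color, " ", space);` is only safe if `space` counts the free bytes in `color` excluding the terminating NUL, because strncat writes up to n characters plus a NUL. The initial value of `space` is outside the hunk, so please confirm it is set to the buffer size minus one and not the full size. The same applies to the context line `strncat (color, temp, space);`: the visible lines do not show `space` being reduced by the length of `temp` afterwards, which the next loop iteration depends on. When `space` reaches 0 the colour name is truncated silently; a comment saying whether that is intended, or an early exit, would help the reader.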
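Review bot: In the second io-xpm.c hunk (pixbuf_create_from_xpm), the new bound `n_col >= G_MAXINT / (cpp + 1)` protects `n_col * (cpp + 1)` but not `malloc (sizeof (_XPMColor) * n_col)`. With cpp at 1, n_col can be close to G_MAXINT / 2, and multiplying that by sizeof (_XPMColor) can wrap a 32-bit size_t and yield an undersized `colors` array that the following `for (cnt = 0; cnt < n_col; cnt++)` loop then fills. Add a second bound such as `n_col >= G_MAXINT / sizeof (_XPMColor)`. Two smaller points: the return value of `sscanf (buffer, "%d %d %d %d", &w, &h, &n_col, &cpp)` is not checked, so the range tests may run on values that were never parsed, and `w` and `h` get no validation in this hunk. Also, `colors` now comes from plain `malloc` while `name_buf` comes from `g_try_malloc`; use `g_try_malloc` for both so the existing free paths stay consistent.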
Attachments on
bug 64230
:
39701
| 39702