author | mezz <mezz@FreeBSD.org> | 2012-05-21 01:14:41 +0800 |
---|---|---|
committer | mezz <mezz@FreeBSD.org> | 2012-05-21 01:14:41 +0800 |
commit | 1cf82a5a4786cd5e50841be3a546a59098b3a1eb (patch) | |
tree | a8b0e928c84ab9d4e10e3ca032ebc80ae5f79093 /graphics | |
parent | e15f282717dada26380fee6cf2c8bf463fdf8e9b (diff) | |
Avoid an integer overflow in the xbm loader, bump the PORTREVISION.
Security: https://bugzilla.gnome.org/show_bug.cgi?id=672811
Obtained from: Its git
Reported by: Eitan Adler <lists@eitanadler.com>
Diffstat (limited to 'graphics')
-rw-r--r-- | graphics/gdk-pixbuf2/Makefile | 2 | ||||
-rw-r--r-- | graphics/gdk-pixbuf2/files/patch-gdk-pixbuf_io-xbm.c | 44 |
2 files changed, 45 insertions, 1 deletions
diff --git a/graphics/gdk-pixbuf2/Makefile b/graphics/gdk-pixbuf2/Makefile
index 74cef3fd2478..f0229354ce89 100644
--- a/graphics/gdk-pixbuf2/Makefile
+++ b/graphics/gdk-pixbuf2/Makefile
@@ -7,7 +7,7 @@
 PORTNAME?= gdk-pixbuf
 PORTVERSION= 2.23.5
-PORTREVISION= 1
+PORTREVISION= 2
 CATEGORIES?= graphics
 MASTER_SITES= GNOME
 MASTER_SITE_SUBDIR= sources/gdk-pixbuf/${PORTVERSION:R}
diff --git a/graphics/gdk-pixbuf2/files/patch-gdk-pixbuf_io-xbm.c b/graphics/gdk-pixbuf2/files/patch-gdk-pixbuf_io-xbm.c
new file mode 100644
index 000000000000..e2e0805a355c
--- /dev/null
+++ b/graphics/gdk-pixbuf2/files/patch-gdk-pixbuf_io-xbm.c
@@ -0,0 +1,44 @@
+From 4f0f465f991cd454d03189497f923eb40c170c22 Mon Sep 17 00:00:00 2001
+From: Matthias Clasen <mclasen@redhat.com>
+Date: Sat, 14 Apr 2012 18:21:09 +0000
+Subject: Avoid an integer overflow in the xbm loader
+
+At the same time, reject some silly input, such as negative
+width or height.
+
+https://bugzilla.gnome.org/show_bug.cgi?id=672811
+---
+diff --git a/gdk-pixbuf/io-xbm.c b/gdk-pixbuf/io-xbm.c
+index 46653b9..4f3e1e8 100644
+--- gdk-pixbuf/io-xbm.c
++++ gdk-pixbuf/io-xbm.c
+@@ -183,10 +183,16 @@ read_bitmap_file_data (FILE *fstream,
+ type++;
+ }
+
+- if (!strcmp ("width", type))
++ if (!strcmp ("width", type)) {
++ if (value <= 0)
++ RETURN (FALSE);
+ ww = (unsigned int) value;
+- if (!strcmp ("height", type))
++ }
++ if (!strcmp ("height", type)) {
++ if (value <= 0)
++ RETURN (FALSE);
+ hh = (unsigned int) value;
++ }
+ if (!strcmp ("hot", type)) {
+ if (type-- == name_and_type
+ || type-- == name_and_type)
+@@ -231,6 +237,8 @@ read_bitmap_file_data (FILE *fstream,
+ bytes_per_line = (ww+7)/8 + padding;
+
+ size = bytes_per_line * hh;
++ if (size / bytes_per_line != hh) /* overflow */
++ RETURN (FALSE);
+ bits = g_malloc (size);
+
+ if (version10p) {
+--
+cgit v0.9.0.2 |
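Review bot: The overflow guard in the second inner hunk of patch-gdk-pixbuf_io-xbm.c runs only after `size = bytes_per_line * hh;` has been evaluated, so whether `size / bytes_per_line != hh` catches every wrapped product depends on the declared types of `size`, `bytes_per_line` and `hh`, which are outside the hunk. Bounding the operand before the multiplication removes that dependency, e.g. `if (hh > G_MAXINT / bytes_per_line) RETURN (FALSE);` placed ahead of it (this assumes `size` is an `int`; use the matching limit otherwise). The added division also requires `bytes_per_line` to be non-zero, which holds only if a file that never sets `width` is rejected earlier in the function; that check is not visible here and is worth confirming. A short comment above the guard stating that `size` feeds `g_malloc` and the later fill of `bits` would explain why a rejected header is preferable to a truncated allocation. read_bitmap_file_data begins and ends outside both inner hunks.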