Diffstat (limited to 'graphics')
-rw-r--r-- | graphics/gdk-pixbuf/Makefile | 2 | ||||
-rw-r--r-- | graphics/gdk-pixbuf/files/patch-pixbuf-security | 53 |
2 files changed, 54 insertions, 1 deletions
diff --git a/graphics/gdk-pixbuf/Makefile b/graphics/gdk-pixbuf/Makefile
index 69cf76d2f4eb..131e45cab78a 100644
--- a/graphics/gdk-pixbuf/Makefile
+++ b/graphics/gdk-pixbuf/Makefile
@@ -7,7 +7,7 @@
 PORTNAME?= gdk-pixbuf
 PORTVERSION= 0.22.0
-PORTREVISION= 1
+PORTREVISION= 2
 CATEGORIES?= graphics
 MASTER_SITES= ${MASTER_SITE_GNOME}
 MASTER_SITE_SUBDIR= sources/gdk-pixbuf/0.22
diff --git a/graphics/gdk-pixbuf/files/patch-pixbuf-security b/graphics/gdk-pixbuf/files/patch-pixbuf-security
new file mode 100644
index 000000000000..44c4eb8da4b9
--- /dev/null
+++ b/graphics/gdk-pixbuf/files/patch-pixbuf-security
@@ -0,0 +1,53 @@
+--- gdk-pixbuf/io-ico.c.orig Mon Oct 11 15:44:43 2004
++++ gdk-pixbuf/io-ico.c Mon Oct 11 15:47:29 2004
+@@ -330,6 +330,10 @@
+
+ State->HeaderSize+=I;
+
++ if (State->HeaderSize < 0) {
++ return FALSE;
++ }
++
+ if (State->HeaderSize>State->BytesInHeaderBuf) {
+ guchar *tmp=realloc(State->HeaderBuf,State->HeaderSize);
+ if (!tmp)
+--- gdk-pixbuf/io-xpm.c.orig Mon Oct 11 15:47:42 2004
++++ gdk-pixbuf/io-xpm.c Mon Oct 11 16:01:13 2004
+@@ -352,16 +352,33 @@
+ return NULL;
+ }
+ sscanf (buffer, "%d %d %d %d", &w, &h, &n_col, &cpp);
+- if (cpp >= 32) {
+- g_warning ("XPM has more than 31 chars per pixel.");
++ if (cpp <= 0 || cpp >= 32) {
++ g_warning ("XPM has invalid number of chars per pixel");
++ return NULL;
++ }
++
++ if (n_col <= 0 || n_col >= G_MAXINT / (cpp + 1)) {
++ g_warning ("XPM file has invalid number of colors");
+ return NULL;
+ }
+
+ /* The hash is used for fast lookups of color from chars */
+ color_hash = g_hash_table_new (g_str_hash, g_str_equal);
+
+- name_buf = g_new (gchar, n_col * (cpp + 1));
+- colors = g_new (_XPMColor, n_col);
++ name_buf = (gchar *) g_try_malloc (n_col * (cpp + 1));
++ if (!name_buf) {
++ g_warning ("Cannot allocate memory for loading XPM image");
++ g_hash_table_destroy (color_hash);
++ return NULL;
++ }
++
++ colors = (_XPMColor *) g_try_malloc (sizeof (_XPMColor) * n_col);
++ if (!colors) {
++ g_warning ("Cannot allocate memory for loading XPM image");
++ g_hash_table_destroy (color_hash);
++ g_free (name_buf);
++ return NULL;
++ }
+
+ for (cnt = 0; cnt < n_col; cnt++) {
+ gchar *color_name; |
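Review bot: The new `n_col` bound in the io-xpm.c hunk covers only the `name_buf` product, so `sizeof (_XPMColor) * n_col` passed to `g_try_malloc` may still wrap where `size_t` is 32 bits (depending on the size of `_XPMColor`, which the hunk does not show), leaving a `colors` array smaller than the `for (cnt = 0; cnt < n_col; cnt++)` loop assumes. Extending the same check closes that: `if (n_col <= 0 || n_col >= G_MAXINT / (cpp + 1) || n_col >= G_MAXINT / sizeof (_XPMColor)) {`. The return value of `sscanf` is also not compared with 4 in the visible lines, so unless `w`, `h`, `n_col` and `cpp` are initialised above the hunk, a short header line leaves the new range checks reading indeterminate values; rejecting the file when fewer than four fields are parsed would make those checks reliable. The enclosing function starts and ends outside the hunk.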