[mingw32-gdk-pixbuf/f15] patch for CVE-2012-2370
sailer
sailer at fedoraproject.org
Tue Aug 7 09:53:32 UTC 2012
commit 64c30921c9ebce11682251f476284801b368943f
Author: Thomas Sailer <t.sailer at alumni.ethz.ch>
Date: Tue Aug 7 11:53:14 2012 +0200
patch for CVE-2012-2370
mingw32-gdk-pixbuf.spec | 8 +++++++-
xbmoverflow.patch | 44 ++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 51 insertions(+), 1 deletions(-)
---
diff --git a/mingw32-gdk-pixbuf.spec b/mingw32-gdk-pixbuf.spec
index e342d70..6164ad8 100644
--- a/mingw32-gdk-pixbuf.spec
+++ b/mingw32-gdk-pixbuf.spec
@@ -7,7 +7,7 @@
Name: mingw32-gdk-pixbuf
Version: 2.23.3
-Release: 1%{?dist}
+Release: 2%{?dist}
Summary: MinGW Windows GDK Pixbuf library
License: LGPLv2+
@@ -23,6 +23,8 @@ Source1: gdk-pixbuf.loaders
# Some Fedora-MinGW-specific changes are required by mingw32-libjpeg 7
Patch0: mingw32-gtk2-libjpeg7-compatibility.patch
+# RHBZ #822468
+Patch1: xbmoverflow.patch
BuildArch: noarch
@@ -61,6 +63,7 @@ MinGW Windows GDK Pixbuf library.
%setup -q -n gdk-pixbuf-%{version}
%patch0 -p0
+%patch1 -p1 -b .xbm
%build
@@ -139,6 +142,9 @@ rm -rf $RPM_BUILD_ROOT
%changelog
+* Tue Aug 7 2012 Thomas Sailer <t.sailer at alumni.ethz.ch> - 2.23.3-2
+- patch for #822468, #822471, CVE-2012-2370
+
* Wed Apr 27 2011 Erik van Pienbroek <epienbro at fedoraproject.org> - 2.23.3-1
- Update to 2.23.3
- Dropped the configure argument --enable-gdiplus as it's enabled by default
diff --git a/xbmoverflow.patch b/xbmoverflow.patch
new file mode 100644
index 0000000..6d3f89e
--- /dev/null
+++ b/xbmoverflow.patch
@@ -0,0 +1,44 @@
+From 4f0f465f991cd454d03189497f923eb40c170c22 Mon Sep 17 00:00:00 2001
+From: Matthias Clasen <mclasen at redhat.com>
+Date: Sat, 14 Apr 2012 18:21:09 +0000
+Subject: Avoid an integer overflow in the xbm loader
+
+At the same time, reject some silly input, such as negative
+width or height.
+
+https://bugzilla.gnome.org/show_bug.cgi?id=672811
+---
+diff --git a/gdk-pixbuf/io-xbm.c b/gdk-pixbuf/io-xbm.c
+index 46653b9..4f3e1e8 100644
+--- a/gdk-pixbuf/io-xbm.c
++++ b/gdk-pixbuf/io-xbm.c
+@@ -183,10 +183,16 @@ read_bitmap_file_data (FILE *fstream,
+ type++;
+ }
+
+- if (!strcmp ("width", type))
++ if (!strcmp ("width", type)) {
++ if (value <= 0)
++ RETURN (FALSE);
+ ww = (unsigned int) value;
+- if (!strcmp ("height", type))
++ }
++ if (!strcmp ("height", type)) {
++ if (value <= 0)
++ RETURN (FALSE);
+ hh = (unsigned int) value;
++ }
+ if (!strcmp ("hot", type)) {
+ if (type-- == name_and_type
+ || type-- == name_and_type)
+@@ -231,6 +237,8 @@ read_bitmap_file_data (FILE *fstream,
+ bytes_per_line = (ww+7)/8 + padding;
+
+ size = bytes_per_line * hh;
++ if (size / bytes_per_line != hh) /* overflow */
++ RETURN (FALSE);
+ bits = g_malloc (size);
+
+ if (version10p) {
+--
+cgit v0.9.0.2
More information about the scm-commits
mailing list