[pl/f14] Fix other GIF decoder bug (similar to CVE-2007-6697)

Petr Pisar ppisar at fedoraproject.org
Mon Aug 22 14:05:57 UTC 2011


commit 41709cb6c3b8d679edd8e3fb460f5c52ff51189f
Author: Petr Písař <ppisar at redhat.com>
Date:   Mon Aug 22 15:18:30 2011 +0200

    Fix other GIF decoder bug (similar to CVE-2007-6697)
    
    http://www.swi-prolog.org/bugzilla/show_bug.cgi?id=7#c4

 pl.spec                           |    5 +++++
 xpce-gif-CVE-2007-6697-like.patch |   24 ++++++++++++++++++++++++
 2 files changed, 29 insertions(+), 0 deletions(-)
---
diff --git a/pl.spec b/pl.spec
index bd70268..f661147 100644
--- a/pl.spec
+++ b/pl.spec
@@ -21,6 +21,8 @@ Patch4:         %{name}-5.7.11-pc.patch
 # Upstream bug #7, will be in 5.10.5, CVE-2011-2896, rhbz#727800
 Patch5:         xpce-gif-CVE-2011-2896-part_1.patch
 Patch6:         xpce-gif-CVE-2011-2896-part_2.patch
+# Upstream bug #7, comment 4, will be in 5.10.5
+Patch7:         xpce-gif-CVE-2007-6697-like.patch
 
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires:  gmp-devel
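Review bot: The comment added above Patch7 says only "Upstream bug #7, comment 4", whereas the comment for Patch5/Patch6 names the CVE and the rhbz number. The file name says "CVE-2007-6697-like", but the upstream patch it carries is titled "Fix CVE-2007-6697". Please state in the comment which of the two applies, and cite the upstream commit (785efb7b94d28c7dbb5b4f2b6f5a908092cf7652 per the X-Git-Url in the patch) so the backport can be dropped cleanly on rebase to 5.10.5.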
@@ -112,6 +114,7 @@ in Prolog.  In both setups it provides a reentrant bidirectional interface.
 cd packages/xpce
 %patch5 -p1 -b .CVE-2011-2896-part_1
 %patch6 -p1 -b .CVE-2011-2896-part_2
+%patch7 -p1 -b .CVE-2007-6697-like
 )
 (
    mkdir doc-install
@@ -258,6 +261,8 @@ rm -rf $RPM_BUILD_ROOT
 * Fri Aug 19 2011 Petr Pisar <ppisar at redhat.com> - 5.7.11-6
 - Fix CVE-2011-2896 (David Koblas' GIF decoder LZW decoder buffer overflow)
   (bug #727800)
+- Fix other GIF decoder bug
+  (http://www.swi-prolog.org/bugzilla/show_bug.cgi?id=7#c4)
 
 * Fri Aug 21 2009 Tomas Mraz <tmraz at redhat.com> - 5.7.11-5
 - rebuilt with new openssl
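Review bot: The two added changelog lines are appended to the existing 5.7.11-6 entry dated Fri Aug 19 instead of getting their own entry. The diffstat shows 5 insertions in pl.spec, all accounted for by the Patch7, %patch7 and changelog lines, so Release is not bumped. If 5.7.11-6 has already been built, this fix needs a new release with its own dated entry, otherwise installed systems will not pick it up. "Fix other GIF decoder bug" also does not say what was fixed; wording along the lines of "Reject illegal LZW code size in GIF decoder" would match the upstream patch description.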
diff --git a/xpce-gif-CVE-2007-6697-like.patch b/xpce-gif-CVE-2007-6697-like.patch
new file mode 100644
index 0000000..633799e
--- /dev/null
+++ b/xpce-gif-CVE-2007-6697-like.patch
@@ -0,0 +1,24 @@
+From: Jan Wielemaker <J.Wielemaker at cs.vu.nl>
+Date: Thu, 18 Aug 2011 18:48:18 +0000 (+0200)
+Subject: SECURITY: Bug#7: Fix CVE-2007-6697
+X-Git-Url: http://www.swi-prolog.org/packages/xpce.git/commitdiff_plain/785efb7b94d28c7dbb5b4f2b6f5a908092cf7652
+
+SECURITY: Bug#7: Fix CVE-2007-6697
+
+The test image https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2007-6697
+in provides an illegal `input_code_size'.
+---
+
+diff --git a/src/img/gifread.c b/src/img/gifread.c
+index 3b8a743..ecffccb 100644
+--- a/src/img/gifread.c
++++ b/src/img/gifread.c
+@@ -555,7 +555,7 @@ ReadImage(IOSTREAM *fd,
+   int xpos = 0, ypos = 0, pass = 0;
+   long curidx;
+ 
+-  if (!ReadOK(fd, &c, 1))
++  if ( !ReadOK(fd, &c, 1) || c > MAX_LZW_BITS )
+   { return GIF_INVALID;
+   }
+   if (LZWReadByte(fd, TRUE, c) < 0)
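Review bot: In the embedded gifread.c change, the new test `c > MAX_LZW_BITS` bounds the code size only from above, and the declaration of `c` is outside the visible context lines. If `c` is a plain char on a platform where char is signed, a byte of 0x80 or above read from the file compares as negative, passes the check and still reaches `LZWReadByte(fd, TRUE, c)`. Please confirm `c` is declared unsigned char, or compare on `(unsigned char)c`. The definition of MAX_LZW_BITS is not visible here either, so it is worth checking that it matches the size of the decoder's code tables. Minor: the patch description has a stray "in" after the bugzilla URL ("... in provides an illegal `input_code_size'"), which is best fixed upstream.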

