/[packages]/updates/5/gdk-pixbuf2.0/current/SOURCES/gdk-pixbuf-cve-2017-6312-ico-integer-overflow.patch
ViewVC logotype

Contents of /updates/5/gdk-pixbuf2.0/current/SOURCES/gdk-pixbuf-cve-2017-6312-ico-integer-overflow.patch

Parent Directory Parent Directory | Revision Log Revision Log

Revision 1186767 - (show annotations) (download)
Thu Dec 28 21:05:44 2017 UTC (6 years, 3 months ago) by luigiwalser
File size: 878 byte(s) 
- add patches from opensuse to fix CVE-2017-2862, CVE-2017-2870, CVE-2017-631[2-4]
- add patch from ubuntu to fix CVE-2017-6311
1 diff --git a/gdk-pixbuf/io-ico.c b/gdk-pixbuf/io-ico.c
2 index 924d3d1..3abf140 100644
3 --- a/gdk-pixbuf/io-ico.c
4 +++ b/gdk-pixbuf/io-ico.c
5 @@ -318,10 +318,7 @@ static void DecodeHeader(guchar *Data, gint Bytes,
6 return;
7 }
8
9 - /* We know how many bytes are in the "header" part. */
10 - State->HeaderSize = entry->DIBoffset + 40; /* 40 = sizeof(InfoHeader) */
11 -
12 - if (State->HeaderSize < 0) {
13 + if (entry->DIBoffset > G_MAXINT - 40) {
14 g_set_error (error,
15 GDK_PIXBUF_ERROR,
16 GDK_PIXBUF_ERROR_CORRUPT_IMAGE,
17 @@ -329,6 +326,9 @@ static void DecodeHeader(guchar *Data, gint Bytes,
18 return;
19 }
20
21 + /* We know how many bytes are in the "header" part. */
22 + State->HeaderSize = entry->DIBoffset + 40;
23 +
24 if (State->HeaderSize>State->BytesInHeaderBuf) {
25 guchar *tmp=g_try_realloc(State->HeaderBuf,State->HeaderSize);
26 if (!tmp) {
  ViewVC Help
Powered by ViewVC 1.1.30