/[packages]/updates/6/gimp/current/SOURCES/790783-buffer-overread-in-XCF-parser-if-version-fiel.patch |
Parent Directory | Revision Log
add patches from debian to fix CVE-2017-1778[4-9]
1 | From: Hanno Boeck <hanno@hboeck.de> |
2 | Date: Mon, 27 Nov 2017 00:37:29 +0100 |
3 | Subject: 790783 - buffer overread in XCF parser if version field... |
4 | Origin: https://git.gnome.org/browse/GIMP/commit/?id=702c4227e8b6169f781e4bb5ae4b5733f51ab126 |
5 | Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-17788 |
6 | Bug-Debian: https://bugs.debian.org/885347 |
7 | Bug: https://bugzilla.gnome.org/show_bug.cgi?id=790783 |
8 | |
9 | ...has no null terminator |
10 | |
11 | Check for the presence of '\0' before using atoi() on the version |
12 | string. Patch slightly modified (mitch). |
13 | [carnil: backport to gimp-2-8: affected code in xcf_load_invoker] |
14 | --- |
15 | app/xcf/xcf.c | 3 ++- |
16 | 1 file changed, 2 insertions(+), 1 deletion(-) |
17 | |
18 | --- a/app/xcf/xcf.c |
19 | +++ b/app/xcf/xcf.c |
20 | @@ -318,7 +318,8 @@ xcf_load_invoker (GimpProcedure *pr |
21 | { |
22 | info.file_version = 0; |
23 | } |
24 | - else if (id[9] == 'v') |
25 | + else if (id[9] == 'v' && |
26 | + id[13] == '\0') |
27 | { |
28 | info.file_version = atoi (id + 10); |
29 | } |
ViewVC Help | |
Powered by ViewVC 1.1.30 |