From bfaa9908874617a960ca4f4c5aec849848f8f64e Mon Sep 17 00:00:00 2001
From: Nils Philippsen
Date: Mon, 30 Apr 2007 15:23:50 +0000
Subject: [PATCH] avoid buffer overflow in sunras plugin (#238422)
---
 gimp-2.2.14-sunras-overflow.patch | 59 +++++++++++++++++++++++++++++++
 gimp.spec | 7 +++-
 2 files changed, 65 insertions(+), 1 deletion(-)
 create mode 100644 gimp-2.2.14-sunras-overflow.patch
diff --git a/gimp-2.2.14-sunras-overflow.patch b/gimp-2.2.14-sunras-overflow.patch
new file mode 100644
index 0000000..5a173c6
--- /dev/null
+++ b/gimp-2.2.14-sunras-overflow.patch
@@ -0,0 +1,59 @@
+--- gimp-2.2.14/ChangeLog.sunras-overflow 2007-04-17 23:58:21.000000000 +0200
++++ gimp-2.2.14/ChangeLog 2007-04-30 15:38:06.000000000 +0200
+@@ -0,0 +1,7 @@
++2007-04-27 Sven Neumann
++
++ Merged from trunk:
++
++ * plug-ins/common/sunras.c (set_color_table): guard against a
++ possible stack overflow.
++
+--- gimp-2.2.14/plug-ins/common/sunras.c.sunras-overflow 2007-04-17 23:11:23.000000000 +0200
++++ gimp-2.2.14/plug-ins/common/sunras.c 2007-04-30 15:36:33.000000000 +0200
+@@ -102,8 +102,7 @@
+ gint32 image_ID,
+ gint32 drawable_ID);
+
+-static void set_color_table (gint32, L_SUNFILEHEADER *, unsigned char *);
+-
++static void set_color_table (gint32, L_SUNFILEHEADER *, const guchar *);
+ static gint32 create_new_image (const gchar *filename,
+ guint width,
+ guint height,
+@@ -865,19 +864,20 @@
+ static void
+ set_color_table (gint32 image_ID,
+ L_SUNFILEHEADER *sunhdr,
+- guchar *suncolmap)
++ const guchar *suncolmap)
+ {
+- int ncols, j;
+- guchar ColorMap[256*3];
++ guchar ColorMap[256 * 3];
++ gint ncols, j;
+
+ ncols = sunhdr->l_ras_maplength / 3;
+- if (ncols <= 0) return;
++ if (ncols <= 0)
++ return;
+
+- for (j = 0; j < ncols; j++)
++ for (j = 0; j < MIN (ncols, 256); j++)
+ {
+- ColorMap[j*3] = suncolmap[j];
+- ColorMap[j*3+1] = suncolmap[j+ncols];
+- ColorMap[j*3+2] = suncolmap[j+2*ncols];
++ ColorMap[j * 3 + 0] = suncolmap[j];
++ ColorMap[j * 3 + 1] = suncolmap[j + ncols];
++ ColorMap[j * 3 + 2] = suncolmap[j + 2 * ncols];
+ }
+
+ #ifdef DEBUG
+@@ -886,6 +886,7 @@
+ printf ("%3d: 0x%02x 0x%02x 0x%02x\n", j,
+ ColorMap[j*3], ColorMap[j*3+1], ColorMap[j*3+2]);
+ #endif
++
+ gimp_image_set_colormap (image_ID, ColorMap, ncols);
+ }
+
diff --git a/gimp.spec b/gimp.spec
index 136d92d..2e99407 100644
--- a/gimp.spec
+++ b/gimp.spec
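Review bot: The `MIN (ncols, 256)` clamp bounds only the copy loop in `set_color_table`; the closing call `gimp_image_set_colormap (image_ID, ColorMap, ncols)` still passes the unclamped count, so a file whose `l_ras_maplength` exceeds 768 tells the callee that the 768-byte `ColorMap` holds more entries than it does (presumably an over-read of the stack buffer, though the callee is not shown here). `ncols` has to stay unclamped as the plane stride in `suncolmap[j + ncols]`, so I would pass the bounded count at the call instead: `gimp_image_set_colormap (image_ID, ColorMap, MIN (ncols, 256));`. The `#ifdef DEBUG` print loop indexes `ColorMap` as well and its loop header lies between the two inner hunks, outside what is shown, so it should be checked for the same bound. Whether `suncolmap` really holds `l_ras_maplength` bytes is decided by the caller, which this patch does not touch.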
@@ -43,7 +43,7 @@ Version: 2.2.14 %define age 0 %define minorver 200 %define microver %(ver=%{version}; echo ${ver##*.*.}) -Release: 1%{?dist} +Release: 2%{?dist} Epoch: 2 License: GPL, LGPL Group: Applications/Multimedia @@ -102,6 +102,7 @@ Patch2: gimp-2.2.3-icontheme.patch Patch4: gimp-2.2.4-gifload.patch Patch5: gimp-2.2.11-htmlview.patch Patch6: gimp-2.2.11-gimptool.patch +Patch7: gimp-2.2.14-sunras-overflow.patch %description GIMP (GNU Image Manipulation Program) is a powerful image composition and @@ -156,6 +157,7 @@ EOF %patch4 -p1 -b .gifload %patch5 -p1 -b .htmlview %patch6 -p1 -b .gimptool +%patch7 -p1 -b .sunras-overflow %build libtoolize --copy --force @@ -408,6 +410,9 @@ fi %{_libdir}/pkgconfig/* %changelog +* Mon Apr 30 2007 Nils Philippsen - 2:2.2.14-2 +- avoid buffer overflow in sunras plugin (#238422) + * Tue Apr 24 2007 Nils Philippsen - 2:2.2.14-1 - version 2.2.14