rpms/gimp
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

avoid buffer overflow in sunras plugin (#238422)

Browse Source
This commit is contained in:
Nils Philippsen 2007-04-30 15:23:50 +00:00
parent 0590e2fd87
commit bfaa990887
2 changed files with 65 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
gimp-2.2.14-sunras-overflow.patch Normal file
View File

@ -0,0 +1,59 @@
--- gimp-2.2.14/ChangeLog.sunras-overflow 2007-04-17 23:58:21.000000000 +0200
+++ gimp-2.2.14/ChangeLog 2007-04-30 15:38:06.000000000 +0200
@@ -0,0 +1,7 @@
+2007-04-27 Sven Neumann <sven@gimp.org>
+
+ Merged from trunk:
+
+ * plug-ins/common/sunras.c (set_color_table): guard against a
+ possible stack overflow.
+
--- gimp-2.2.14/plug-ins/common/sunras.c.sunras-overflow 2007-04-17 23:11:23.000000000 +0200
+++ gimp-2.2.14/plug-ins/common/sunras.c 2007-04-30 15:36:33.000000000 +0200
@@ -102,8 +102,7 @@
gint32 image_ID,
gint32 drawable_ID);
-static void set_color_table (gint32, L_SUNFILEHEADER *, unsigned char *);
-
+static void set_color_table (gint32, L_SUNFILEHEADER *, const guchar *);
static gint32 create_new_image (const gchar *filename,
guint width,
guint height,
@@ -865,19 +864,20 @@
static void
set_color_table (gint32 image_ID,
L_SUNFILEHEADER *sunhdr,
- guchar *suncolmap)
+ const guchar *suncolmap)
{
- int ncols, j;
- guchar ColorMap[256*3];
+ guchar ColorMap[256 * 3];
+ gint ncols, j;
ncols = sunhdr->l_ras_maplength / 3;
- if (ncols <= 0) return;
+ if (ncols <= 0)
+ return;
- for (j = 0; j < ncols; j++)
+ for (j = 0; j < MIN (ncols, 256); j++)
{
- ColorMap[j*3] = suncolmap[j];
- ColorMap[j*3+1] = suncolmap[j+ncols];
- ColorMap[j*3+2] = suncolmap[j+2*ncols];
+ ColorMap[j * 3 + 0] = suncolmap[j];
+ ColorMap[j * 3 + 1] = suncolmap[j + ncols];
+ ColorMap[j * 3 + 2] = suncolmap[j + 2 * ncols];
}
#ifdef DEBUG
@@ -886,6 +886,7 @@
printf ("%3d: 0x%02x 0x%02x 0x%02x\n", j,
ColorMap[j*3], ColorMap[j*3+1], ColorMap[j*3+2]);
#endif
+
gimp_image_set_colormap (image_ID, ColorMap, ncols);
}

7
gimp.spec
View File

@ -43,7 +43,7 @@ Version: 2.2.14
%define age 0 %define age 0
%define minorver 200 %define minorver 200
%define microver %(ver=%{version}; echo ${ver##*.*.}) %define microver %(ver=%{version}; echo ${ver##*.*.})
Release: 1%{?dist} Release: 2%{?dist}
Epoch: 2 Epoch: 2
License: GPL, LGPL License: GPL, LGPL
Group: Applications/Multimedia Group: Applications/Multimedia
@ -102,6 +102,7 @@ Patch2: gimp-2.2.3-icontheme.patch
Patch4: gimp-2.2.4-gifload.patch Patch4: gimp-2.2.4-gifload.patch
Patch5: gimp-2.2.11-htmlview.patch Patch5: gimp-2.2.11-htmlview.patch
Patch6: gimp-2.2.11-gimptool.patch Patch6: gimp-2.2.11-gimptool.patch
Patch7: gimp-2.2.14-sunras-overflow.patch
%description %description
GIMP (GNU Image Manipulation Program) is a powerful image composition and GIMP (GNU Image Manipulation Program) is a powerful image composition and
@ -156,6 +157,7 @@ EOF
%patch4 -p1 -b .gifload %patch4 -p1 -b .gifload
%patch5 -p1 -b .htmlview %patch5 -p1 -b .htmlview
%patch6 -p1 -b .gimptool %patch6 -p1 -b .gimptool
%patch7 -p1 -b .sunras-overflow
%build %build
libtoolize --copy --force libtoolize --copy --force
@ -408,6 +410,9 @@ fi
%{_libdir}/pkgconfig/* %{_libdir}/pkgconfig/*
%changelog %changelog
* Mon Apr 30 2007 Nils Philippsen <nphilipp@redhat.com> - 2:2.2.14-2
- avoid buffer overflow in sunras plugin (#238422)
* Tue Apr 24 2007 Nils Philippsen <nphilipp@redhat.com> - 2:2.2.14-1 * Tue Apr 24 2007 Nils Philippsen <nphilipp@redhat.com> - 2:2.2.14-1
- version 2.2.14 - version 2.2.14