- Security fix

fix out of bound error, introduced in jumbo2 patch Reported by: naddy (Christian Weisgerber) Submitted by: Patrick Keshishian Obtained from: openbsd Feature safe: yes
svn path=/head/; revision=242057
2009-09-25 06:21:42 +00:00 · 2009-09-25 06:21:42 +00:00 · ba1248c3ca · 2021-03-31 03:12:20 +00:00
commit ba1248c3ca
parent 3869973c5d
2 changed files with 22 additions and 1 deletions
--- a/graphics/xv/Makefile
+++ b/graphics/xv/Makefile
@ -7,7 +7,7 @@

 PORTNAME=	xv
 PORTVERSION=	3.10a
-PORTREVISION=	10
+PORTREVISION=	11
 CATEGORIES+=	graphics
 MASTER_SITES=	ftp://ftp.cis.upenn.edu/pub/xv/:base \
 		SF/png-mng/XV%20jumbo%20patches/20070520
--- a/graphics/xv/files/patch-xvjpeg.c
+++ b/graphics/xv/files/patch-xvjpeg.c
@ -0,0 +1,21 @@
+$OpenBSD$
+--- xvjpeg.c.orig	Fri Aug 28 13:41:30 2009
+++ xvjpeg.c	Fri Aug 28 18:58:46 2009
+@@ -696,7 +696,7 @@ L2:
+         if ((cmy = *q++ - k) < 0) cmy = 0; *p++ = cmy; /* R */
+         if ((cmy = *q++ - k) < 0) cmy = 0; *p++ = cmy; /* G */
+         if ((cmy = *q++ - k) < 0) cmy = 0; *p++ = cmy; /* B */
+-      } while (++q <= pic_end);
+      } while (++q < pic_end);
+     }
+     else { /* assume normal data */
+       register byte *q = pic;
+@@ -707,7 +707,7 @@ L2:
+         if ((cmy = k - *q++) < 0) cmy = 0; *p++ = cmy; /* R */
+         if ((cmy = k - *q++) < 0) cmy = 0; *p++ = cmy; /* G */
+         if ((cmy = k - *q++) < 0) cmy = 0; *p++ = cmy; /* B */
+-      } while (++q <= pic_end);
+      } while (++q < pic_end);
+     }
+     pic = realloc(pic,p-pic); /* Release extra storage */
+   }