freebsd-ports/graphics/zgv/files/patch-zgv-5.9-cmyk-ycck-fix.diff
Thierry Thomas f9f2dde96d Import a patch from Gentoo bug #127008 to fix CVE-2006-1060.
Security:	VuXML ID: a813a219-d2d4-11da-a672-000e0c2e438a
2006-10-08 21:26:27 +00:00

69 lines
1.7 KiB
Diff

--- src/readjpeg.c.orig Sun Oct 31 15:54:26 2004
+++ src/readjpeg.c Sun Oct 8 22:43:59 2006
@@ -92,11 +92,18 @@
int *real_width,int *real_height)
{
static FILE *in;
+/*
+Patch imported from Gentoo Bug #127008 to fix CVE-2006-1060
+VuXML ID a813a219-d2d4-11da-a672-000e0c2e438a
+<http://bugs.gentoo.org/show_bug.cgi?id=127008>
+*/
+static int cmyk;
struct my_error_mgr jerr;
int row_stride; /* physical row width in output buffer */
int tmp,f;
-unsigned char *ptr;
+unsigned char *ptr,*ptr2;
+cmyk=0;
use_errmsg=0;
theimage=NULL;
howfar=howfarfunc;
@@ -161,6 +168,15 @@
pal[f]=pal[256+f]=pal[512+f]=f;
}
+if(cinfo.jpeg_color_space==JCS_CMYK)
+ cmyk=1;
+
+if(cinfo.jpeg_color_space==JCS_YCCK)
+ {
+ cmyk=1;
+ cinfo.out_color_space=JCS_CMYK;
+ }
+
width=cinfo.image_width;
height=cinfo.image_height;
@@ -191,7 +207,7 @@
}
if(WH_BAD(width,height) ||
- (theimage=(byte *)malloc(pixelsize*width*height))==NULL)
+ (theimage=(byte *)malloc(pixelsize*width*(height+cmyk)))==NULL)
{
jpegerr("Out of memory"); /* XXX misleading if width/height are bad */
longjmp(jerr.setjmp_buffer,1);
@@ -222,7 +238,20 @@
while(cinfo.output_scanline<height)
{
jpeg_read_scanlines(&cinfo,&ptr,1);
- for(f=0;f<width;f++) { tmp=*ptr; *ptr=ptr[2]; ptr[2]=tmp; ptr+=3; }
+ if(!cmyk)
+ for(f=0;f<width;f++) { tmp=*ptr; *ptr=ptr[2]; ptr[2]=tmp; ptr+=3; }
+ else
+ {
+ ptr2=ptr;
+ for(f=0;f<width;f++,ptr+=3,ptr2+=4)
+ {
+ tmp=ptr2[3];
+ ptr[0]=(tmp*ptr2[2])/255;
+ ptr[1]=(tmp*ptr2[1])/255;
+ ptr[2]=(tmp*ptr2[0])/255;
+ }
+ }
+
if(howfar!=NULL) howfar(cinfo.output_scanline,height);
}