b874ab977f
"Multiple buffer overflows in imlib 1.9.14 and earlier, which is used by gkrellm and several window managers, allow remote attackers to execute arbitrary code via certain image files." (1.9.15 is also affected) http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1026 Patch from Pavel Kankovsky.
$NetBSD: patch-an,v 1.1 2004/12/10 09:30:42 salo Exp $
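--- gdk_imlib/misc.c.orig 2002-03-04 18:06:32.000000000 +0100
+++ gdk_imlib/misc.c 2004-12-10 10:15:22.000000000 +0100
@@ -1355,11 +1355,16 @@
 
 /*
 * Make sure we don't wrap on our memory allocations
+ * we check G_MAX_INT/4 because rend.c malloc's w * h * bpp
+ * + 3 is safety margin
 */
 
 void *_gdk_malloc_image(unsigned int w, unsigned int h)
 {
- if( w > 32767 || h > 32767)
+ if (w <= 0 || w > 32767 ||
+ h <= 0 || h > 32767 ||
+ h >= (G_MAXINT/4 - 1) / w)
 return NULL;
- return malloc(w * h * 3);
+ return malloc(w * h * 3 + 3);
 }
+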
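Review bot: The `w <= 0` and `h <= 0` tests in the new guard of `_gdk_malloc_image` can only match zero, because both parameters are `unsigned int`; a negative dimension passed from a signed variable arrives as a large unsigned value and is rejected by the `> 32767` bound instead. Writing `w == 0` and `h == 0`, plus a comment line such as `* w and h are unsigned: negative caller values wrap and fail the 32767 bound`, would make that dependency explicit. The header comment also spells the constant `G_MAX_INT` while the code uses `G_MAXINT`. The `/4` divisor presumably encodes a maximum of four bytes per pixel in rend.c, which is not visible in this patch, so that assumption and the reason for the 3-byte margin each deserve a line in the comment.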