pkgsrc/graphics/imlib2/patches/patch-cb
drochner f7d5b705e2 fix some insufficient validation of graphics files, patches from Ubuntu
(CVE-2006-4806, CVE-2006-4807, CVE-2006-4808, CVE-2006-4809)
update to 1.3.0 (no changelog available)
2006-11-24 12:46:12 +00:00


$NetBSD: patch-cb,v 1.1 2006/11/24 12:46:12 drochner Exp $
--- src/modules/loaders/loader_jpeg.c.orig 2006-09-05 02:37:07.000000000 +0200
+++ src/modules/loaders/loader_jpeg.c
@@ -95,6 +95,13 @@ load(ImlibImage * im, ImlibProgressFunct
UNSET_FLAG(im->flags, F_HAS_ALPHA);
im->format = strdup("jpeg");
}
+ if (w < 1 || h < 1 || w > 16383 || h > 16383)
+ {
+ im->w = im->h = 0;
+ jpeg_destroy_decompress(&cinfo);
+ fclose(f);
+ return 0;
+ }
if (((!im->data) && (im->loader)) || (immediate_load) || (progress))
{
DATA8 *ptr, *line[16], *data;
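Review bot: The added dimension check reads `w` and `h`, but their assignment is not visible in this hunk, and the check sits after the conditional block that closes just above it. If `w`/`h` are only set inside that block, they would be stale or uninitialized here whenever the block is skipped; in that case set them from `cinfo` directly before the test, or repeat the test wherever the following block reads the dimensions again. The literal `16383` is also unexplained: it presumably keeps the later `w * h` pixel-buffer size from overflowing a 32-bit int, and a comment such as `/* cap dimensions so w * h * sizeof(DATA32) cannot overflow */` (to be confirmed against the allocation below) would record that. `load()` starts and ends outside the hunk, so the allocation and the origin of `w`/`h` could not be checked here.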