fd011562ca
"David Costanzo has reported a vulnerability in GdkPixbuf, which can be exploited by malicious people to crash certain applications on a user's system. The vulnerability is caused due to a double free error in the BMP loader. This can be exploited to crash an application linked against GdkPixbuf when a specially crafted BMP image is processed." Bump PKGREVISION. Patch from Fedora.
20 lines
581 B
Text
20 lines
581 B
Text
$NetBSD: patch-ak,v 1.1 2005/04/01 11:37:23 salo Exp $
|
|
|
|
--- gdk-pixbuf/io-bmp.c.orig 2002-09-27 23:12:40.000000000 +0200
|
|
+++ gdk-pixbuf/io-bmp.c 2005-04-01 13:05:14.000000000 +0200
|
|
@@ -245,7 +245,14 @@
|
|
static gboolean
|
|
grow_buffer (struct bmp_progressive_state *State)
|
|
{
|
|
- guchar *tmp = realloc (State->buff, State->BufferSize);
|
|
+ guchar *tmp;
|
|
+
|
|
+ if (State->BufferSize == 0) {
|
|
+ State->read_state = READ_STATE_ERROR;
|
|
+ return FALSE;
|
|
+ }
|
|
+
|
|
+ tmp = realloc (State->buff, State->BufferSize);
|
|
if (!tmp) {
|
|
State->read_state = READ_STATE_ERROR;
|
|
return FALSE;
|