diff options
author | Mike Frysinger <vapier@gentoo.org> | 2006-11-06 15:12:08 +0000 |
---|---|---|
committer | Mike Frysinger <vapier@gentoo.org> | 2006-11-06 15:12:08 +0000 |
commit | 58e462013ddcbb5d0ec7fe21a749c40a2973e4b8 (patch) | |
tree | 9e738f16f7f84d41e8a2df922c616806e2e0a7c3 /media-libs/imlib2/files | |
parent | touchup mmx handling (diff) | |
download | gentoo-2-58e462013ddcbb5d0ec7fe21a749c40a2973e4b8.tar.gz gentoo-2-58e462013ddcbb5d0ec7fe21a749c40a2973e4b8.tar.bz2 gentoo-2-58e462013ddcbb5d0ec7fe21a749c40a2973e4b8.zip |
Version bump.
(Portage version: 2.1.2_rc1-r3)
Diffstat (limited to 'media-libs/imlib2/files')
-rw-r--r-- | media-libs/imlib2/files/digest-imlib2-1.3.0 | 3 | ||||
-rw-r--r-- | media-libs/imlib2/files/imlib2-1.3.0-buf-checks.patch | 254 |
2 files changed, 257 insertions, 0 deletions
diff --git a/media-libs/imlib2/files/digest-imlib2-1.3.0 b/media-libs/imlib2/files/digest-imlib2-1.3.0 new file mode 100644 index 000000000000..8a42d9c1fc7a --- /dev/null +++ b/media-libs/imlib2/files/digest-imlib2-1.3.0 @@ -0,0 +1,3 @@ +MD5 00b724fc6d2dcfa3045bb6a554bb2c8a imlib2-1.3.0.tar.gz 955862 +RMD160 272fc0a62699e0f0f690f4cc8418ac5c8e0ee615 imlib2-1.3.0.tar.gz 955862 +SHA256 1287fd4e12368211f609c016073de5d42a57bcdde93e46c26af75788153c2fd3 imlib2-1.3.0.tar.gz 955862 diff --git a/media-libs/imlib2/files/imlib2-1.3.0-buf-checks.patch b/media-libs/imlib2/files/imlib2-1.3.0-buf-checks.patch new file mode 100644 index 000000000000..176960cd639c --- /dev/null +++ b/media-libs/imlib2/files/imlib2-1.3.0-buf-checks.patch @@ -0,0 +1,254 @@ +To: enlightenment-cvs@lists.sourceforge.net +Subject: E CVS: libs/imlib2 raster +From: Enlightenment CVS <noreply@cvs.enlightenment.org> +Date: Sat, 4 Nov 2006 23:58:06 -0500 (EST) + +Enlightenment CVS committal + +Author : raster +Project : e17 +Module : libs/imlib2 + +Dir : e17/libs/imlib2/src/modules/loaders + + +Modified Files: + loader_argb.c loader_gif.c loader_jpeg.c loader_lbm.c + loader_png.c loader_pnm.c loader_tga.c loader_tiff.c + loader_xpm.c + + +Log Message: + + +fix width and height checks in case of buffer overflow. + +=================================================================== +RCS file: /cvs/e/e17/libs/imlib2/src/modules/loaders/loader_argb.c,v +retrieving revision 1.2 +retrieving revision 1.3 +diff -u -3 -r1.2 -r1.3 +--- loader_argb.c 14 Dec 2004 03:50:46 -0000 1.2 ++++ loader_argb.c 5 Nov 2006 04:58:06 -0000 1.3 +@@ -47,6 +47,11 @@ + fclose(f); + return 0; + } ++ if ((w < 1) || (h < 1) || (w > 8192) || (h > 8192)) ++ { ++ fclose(f); ++ return 0; ++ } + im->w = w; + im->h = h; + if (!im->format) +=================================================================== +RCS file: /cvs/e/e17/libs/imlib2/src/modules/loaders/loader_gif.c,v +retrieving revision 1.2 +retrieving revision 1.3 +diff -u -3 -r1.2 -r1.3 +--- loader_gif.c 14 Dec 2004 03:50:46 -0000 1.2 ++++ loader_gif.c 5 Nov 2006 04:58:06 -0000 1.3 +@@ -72,6 +72,11 @@ + } + w = gif->Image.Width; + h = gif->Image.Height; ++ if ((w < 1) || (h < 1) || (w > 8192) || (h > 8192)) ++ { ++ DGifCloseFile(gif); ++ return 0; ++ } + rows = malloc(h * sizeof(GifRowType *)); + if (!rows) + { +=================================================================== +RCS file: /cvs/e/e17/libs/imlib2/src/modules/loaders/loader_jpeg.c,v +retrieving revision 1.3 +retrieving revision 1.4 +diff -u -3 -r1.3 -r1.4 +--- loader_jpeg.c 7 Jan 2006 11:30:44 -0000 1.3 ++++ loader_jpeg.c 5 Nov 2006 04:58:06 -0000 1.4 +@@ -92,6 +92,12 @@ + { + im->w = w = cinfo.output_width; + im->h = h = cinfo.output_height; ++ if ((w < 1) || (h < 1) || (w > 8192) || (h > 8192)) ++ { ++ jpeg_destroy_decompress(&cinfo); ++ fclose(f); ++ return 0; ++ } + UNSET_FLAG(im->flags, F_HAS_ALPHA); + im->format = strdup("jpeg"); + } +=================================================================== +RCS file: /cvs/e/e17/libs/imlib2/src/modules/loaders/loader_lbm.c,v +retrieving revision 1.2 +retrieving revision 1.3 +diff -u -3 -r1.2 -r1.3 +--- loader_lbm.c 6 Sep 2006 07:09:05 -0000 1.2 ++++ loader_lbm.c 5 Nov 2006 04:58:06 -0000 1.3 +@@ -421,7 +421,10 @@ + + im->w = L2RWORD(ilbm.bmhd.data); + im->h = L2RWORD(ilbm.bmhd.data + 2); +- if (im->w <= 0 || im->h <= 0) ok = 0; ++ if ((im->w < 1) || (im->h < 1) || (im->w > 8192) || (im->h > 8192)) ++ { ++ ok = 0; ++ } + + ilbm.depth = ilbm.bmhd.data[8]; + if (ilbm.depth < 1 || (ilbm.depth > 8 && ilbm.depth != 24 && ilbm.depth != 32)) ok = 0; /* Only 1 to 8, 24, or 32 planes. */ +=================================================================== +RCS file: /cvs/e/e17/libs/imlib2/src/modules/loaders/loader_png.c,v +retrieving revision 1.2 +retrieving revision 1.3 +diff -u -3 -r1.2 -r1.3 +--- loader_png.c 14 Dec 2004 03:50:46 -0000 1.2 ++++ loader_png.c 5 Nov 2006 04:58:06 -0000 1.3 +@@ -85,6 +85,13 @@ + &interlace_type, NULL, NULL); + im->w = (int)w32; + im->h = (int)h32; ++ if ((w32 < 1) || (h32 < 1) || (w32 > 8192) || (h32 > 8192)) ++ { ++ png_read_end(png_ptr, info_ptr); ++ png_destroy_read_struct(&png_ptr, &info_ptr, (png_infopp) NULL); ++ fclose(f); ++ return 0; ++ } + if (color_type == PNG_COLOR_TYPE_PALETTE) + { + png_set_expand(png_ptr); +=================================================================== +RCS file: /cvs/e/e17/libs/imlib2/src/modules/loaders/loader_pnm.c,v +retrieving revision 1.2 +retrieving revision 1.3 +diff -u -3 -r1.2 -r1.3 +--- loader_pnm.c 27 Dec 2004 21:05:31 -0000 1.2 ++++ loader_pnm.c 5 Nov 2006 04:58:06 -0000 1.3 +@@ -107,7 +107,7 @@ + } + } + } +- if ((w <= 0) || (w > 8192) || (h <= 0) || (h > 8192) || (v < 0) || (v > 255)) ++ if ((v < 0) || (v > 255)) + { + fclose(f); + return 0; +@@ -115,6 +115,11 @@ + + im->w = w; + im->h = h; ++ if ((w < 1) || (h < 1) || (w > 8192) || (h > 8192)) ++ { ++ fclose(f); ++ return 0; ++ } + if (!im->format) + { + if (p == '8') +=================================================================== +RCS file: /cvs/e/e17/libs/imlib2/src/modules/loaders/loader_tga.c,v +retrieving revision 1.4 +retrieving revision 1.5 +diff -u -3 -r1.4 -r1.5 +--- loader_tga.c 4 Nov 2006 17:43:44 -0000 1.4 ++++ loader_tga.c 5 Nov 2006 04:58:06 -0000 1.5 +@@ -297,9 +297,8 @@ + im->w = (header->widthHi << 8) | header->widthLo; + im->h = (header->heightHi << 8) | header->heightLo; + +- if ((im->w > 32767) || (im->w < 1) || (im->h > 32767) || (im->h < 1)) ++ if ((im->w < 1) || (im->h < 1) || (im->w > 8192) || (im->h > 8192)) + { +- im->w = 0; + munmap(seg, ss.st_size); + close(fd); + return 0; +=================================================================== +RCS file: /cvs/e/e17/libs/imlib2/src/modules/loaders/loader_tiff.c,v +retrieving revision 1.7 +retrieving revision 1.8 +diff -u -3 -r1.7 -r1.8 +--- loader_tiff.c 28 May 2006 00:05:50 -0000 1.7 ++++ loader_tiff.c 5 Nov 2006 04:58:06 -0000 1.8 +@@ -75,11 +75,11 @@ + raster(TIFFRGBAImage_Extra * img, uint32 * rast, + uint32 x, uint32 y, uint32 w, uint32 h) + { +- uint32 image_width, image_height; ++ int image_width, image_height; + uint32 *pixel, pixel_value; + int i, j, dy, rast_offset; + DATA32 *buffer_pixel, *buffer = img->image->data; +- int alpha_premult = (EXTRASAMPLE_UNASSALPHA==img->rgba.alpha); ++ int alpha_premult; + + image_width = img->image->w; + image_height = img->image->h; +@@ -91,6 +91,8 @@ + /* I don't understand why, but that seems to be what's going on. */ + /* libtiff needs better docs! */ + ++ if (img->rgba.alpha == EXTRASAMPLE_UNASSALPHA) ++ alpha_premult = 1; + for (i = y, rast_offset = 0; i > dy; i--, rast_offset--) + { + pixel = rast + (rast_offset * image_width); +@@ -204,6 +206,12 @@ + rgba_image.image = im; + im->w = width = rgba_image.rgba.width; + im->h = height = rgba_image.rgba.height; ++ if ((width < 1) || (height < 1) || (width > 8192) || (height > 8192)) ++ { ++ TIFFRGBAImageEnd((TIFFRGBAImage *) & rgba_image); ++ TIFFClose(tif); ++ return 0; ++ } + rgba_image.num_pixels = num_pixels = width * height; + if (rgba_image.rgba.alpha != EXTRASAMPLE_UNSPECIFIED) + SET_FLAG(im->flags, F_HAS_ALPHA); +@@ -397,8 +405,9 @@ + + if (has_alpha) + { ++ uint16 extras[] = { EXTRASAMPLE_ASSOCALPHA }; + TIFFSetField(tif, TIFFTAG_SAMPLESPERPIXEL, 4); +- TIFFSetField(tif, TIFFTAG_EXTRASAMPLES, EXTRASAMPLE_ASSOCALPHA); ++ TIFFSetField(tif, TIFFTAG_EXTRASAMPLES, 1, extras); + } + else + { +=================================================================== +RCS file: /cvs/e/e17/libs/imlib2/src/modules/loaders/loader_xpm.c,v +retrieving revision 1.5 +retrieving revision 1.6 +diff -u -3 -r1.5 -r1.6 +--- loader_xpm.c 20 Oct 2006 18:03:15 -0000 1.5 ++++ loader_xpm.c 5 Nov 2006 04:58:06 -0000 1.6 +@@ -211,19 +211,19 @@ + xpm_parse_done(); + return 0; + } +- if ((w > 32767) || (w < 1)) ++ if ((w > 8192) || (w < 1)) + { + fprintf(stderr, +- "IMLIB ERROR: Image width > 32767 or < 1 pixels for file\n"); ++ "IMLIB ERROR: Image width > 8192 or < 1 pixels for file\n"); + free(line); + fclose(f); + xpm_parse_done(); + return 0; + } +- if ((h > 32767) || (h < 1)) ++ if ((h > 8192) || (h < 1)) + { + fprintf(stderr, +- "IMLIB ERROR: Image height > 32767 or < 1 pixels for file\n"); ++ "IMLIB ERROR: Image height > 8192 or < 1 pixels for file\n"); + free(line); + fclose(f); + xpm_parse_done(); |