summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMike Frysinger <vapier@gentoo.org>2006-11-06 15:12:08 +0000
committerMike Frysinger <vapier@gentoo.org>2006-11-06 15:12:08 +0000
commit58e462013ddcbb5d0ec7fe21a749c40a2973e4b8 (patch)
tree9e738f16f7f84d41e8a2df922c616806e2e0a7c3 /media-libs/imlib2/files
parenttouchup mmx handling (diff)
downloadgentoo-2-58e462013ddcbb5d0ec7fe21a749c40a2973e4b8.tar.gz
gentoo-2-58e462013ddcbb5d0ec7fe21a749c40a2973e4b8.tar.bz2
gentoo-2-58e462013ddcbb5d0ec7fe21a749c40a2973e4b8.zip
Version bump.
(Portage version: 2.1.2_rc1-r3)
Diffstat (limited to 'media-libs/imlib2/files')
-rw-r--r--media-libs/imlib2/files/digest-imlib2-1.3.03
-rw-r--r--media-libs/imlib2/files/imlib2-1.3.0-buf-checks.patch254
2 files changed, 257 insertions, 0 deletions
diff --git a/media-libs/imlib2/files/digest-imlib2-1.3.0 b/media-libs/imlib2/files/digest-imlib2-1.3.0
new file mode 100644
index 000000000000..8a42d9c1fc7a
--- /dev/null
+++ b/media-libs/imlib2/files/digest-imlib2-1.3.0
@@ -0,0 +1,3 @@
+MD5 00b724fc6d2dcfa3045bb6a554bb2c8a imlib2-1.3.0.tar.gz 955862
+RMD160 272fc0a62699e0f0f690f4cc8418ac5c8e0ee615 imlib2-1.3.0.tar.gz 955862
+SHA256 1287fd4e12368211f609c016073de5d42a57bcdde93e46c26af75788153c2fd3 imlib2-1.3.0.tar.gz 955862
diff --git a/media-libs/imlib2/files/imlib2-1.3.0-buf-checks.patch b/media-libs/imlib2/files/imlib2-1.3.0-buf-checks.patch
new file mode 100644
index 000000000000..176960cd639c
--- /dev/null
+++ b/media-libs/imlib2/files/imlib2-1.3.0-buf-checks.patch
@@ -0,0 +1,254 @@
+To: enlightenment-cvs@lists.sourceforge.net
+Subject: E CVS: libs/imlib2 raster
+From: Enlightenment CVS <noreply@cvs.enlightenment.org>
+Date: Sat, 4 Nov 2006 23:58:06 -0500 (EST)
+
+Enlightenment CVS committal
+
+Author : raster
+Project : e17
+Module : libs/imlib2
+
+Dir : e17/libs/imlib2/src/modules/loaders
+
+
+Modified Files:
+ loader_argb.c loader_gif.c loader_jpeg.c loader_lbm.c
+ loader_png.c loader_pnm.c loader_tga.c loader_tiff.c
+ loader_xpm.c
+
+
+Log Message:
+
+
+fix width and height checks in case of buffer overflow.
+
+===================================================================
+RCS file: /cvs/e/e17/libs/imlib2/src/modules/loaders/loader_argb.c,v
+retrieving revision 1.2
+retrieving revision 1.3
+diff -u -3 -r1.2 -r1.3
+--- loader_argb.c 14 Dec 2004 03:50:46 -0000 1.2
++++ loader_argb.c 5 Nov 2006 04:58:06 -0000 1.3
+@@ -47,6 +47,11 @@
+ fclose(f);
+ return 0;
+ }
++ if ((w < 1) || (h < 1) || (w > 8192) || (h > 8192))
++ {
++ fclose(f);
++ return 0;
++ }
+ im->w = w;
+ im->h = h;
+ if (!im->format)
+===================================================================
+RCS file: /cvs/e/e17/libs/imlib2/src/modules/loaders/loader_gif.c,v
+retrieving revision 1.2
+retrieving revision 1.3
+diff -u -3 -r1.2 -r1.3
+--- loader_gif.c 14 Dec 2004 03:50:46 -0000 1.2
++++ loader_gif.c 5 Nov 2006 04:58:06 -0000 1.3
+@@ -72,6 +72,11 @@
+ }
+ w = gif->Image.Width;
+ h = gif->Image.Height;
++ if ((w < 1) || (h < 1) || (w > 8192) || (h > 8192))
++ {
++ DGifCloseFile(gif);
++ return 0;
++ }
+ rows = malloc(h * sizeof(GifRowType *));
+ if (!rows)
+ {
+===================================================================
+RCS file: /cvs/e/e17/libs/imlib2/src/modules/loaders/loader_jpeg.c,v
+retrieving revision 1.3
+retrieving revision 1.4
+diff -u -3 -r1.3 -r1.4
+--- loader_jpeg.c 7 Jan 2006 11:30:44 -0000 1.3
++++ loader_jpeg.c 5 Nov 2006 04:58:06 -0000 1.4
+@@ -92,6 +92,12 @@
+ {
+ im->w = w = cinfo.output_width;
+ im->h = h = cinfo.output_height;
++ if ((w < 1) || (h < 1) || (w > 8192) || (h > 8192))
++ {
++ jpeg_destroy_decompress(&cinfo);
++ fclose(f);
++ return 0;
++ }
+ UNSET_FLAG(im->flags, F_HAS_ALPHA);
+ im->format = strdup("jpeg");
+ }
+===================================================================
+RCS file: /cvs/e/e17/libs/imlib2/src/modules/loaders/loader_lbm.c,v
+retrieving revision 1.2
+retrieving revision 1.3
+diff -u -3 -r1.2 -r1.3
+--- loader_lbm.c 6 Sep 2006 07:09:05 -0000 1.2
++++ loader_lbm.c 5 Nov 2006 04:58:06 -0000 1.3
+@@ -421,7 +421,10 @@
+
+ im->w = L2RWORD(ilbm.bmhd.data);
+ im->h = L2RWORD(ilbm.bmhd.data + 2);
+- if (im->w <= 0 || im->h <= 0) ok = 0;
++ if ((im->w < 1) || (im->h < 1) || (im->w > 8192) || (im->h > 8192))
++ {
++ ok = 0;
++ }
+
+ ilbm.depth = ilbm.bmhd.data[8];
+ if (ilbm.depth < 1 || (ilbm.depth > 8 && ilbm.depth != 24 && ilbm.depth != 32)) ok = 0; /* Only 1 to 8, 24, or 32 planes. */
+===================================================================
+RCS file: /cvs/e/e17/libs/imlib2/src/modules/loaders/loader_png.c,v
+retrieving revision 1.2
+retrieving revision 1.3
+diff -u -3 -r1.2 -r1.3
+--- loader_png.c 14 Dec 2004 03:50:46 -0000 1.2
++++ loader_png.c 5 Nov 2006 04:58:06 -0000 1.3
+@@ -85,6 +85,13 @@
+ &interlace_type, NULL, NULL);
+ im->w = (int)w32;
+ im->h = (int)h32;
++ if ((w32 < 1) || (h32 < 1) || (w32 > 8192) || (h32 > 8192))
++ {
++ png_read_end(png_ptr, info_ptr);
++ png_destroy_read_struct(&png_ptr, &info_ptr, (png_infopp) NULL);
++ fclose(f);
++ return 0;
++ }
+ if (color_type == PNG_COLOR_TYPE_PALETTE)
+ {
+ png_set_expand(png_ptr);
+===================================================================
+RCS file: /cvs/e/e17/libs/imlib2/src/modules/loaders/loader_pnm.c,v
+retrieving revision 1.2
+retrieving revision 1.3
+diff -u -3 -r1.2 -r1.3
+--- loader_pnm.c 27 Dec 2004 21:05:31 -0000 1.2
++++ loader_pnm.c 5 Nov 2006 04:58:06 -0000 1.3
+@@ -107,7 +107,7 @@
+ }
+ }
+ }
+- if ((w <= 0) || (w > 8192) || (h <= 0) || (h > 8192) || (v < 0) || (v > 255))
++ if ((v < 0) || (v > 255))
+ {
+ fclose(f);
+ return 0;
+@@ -115,6 +115,11 @@
+
+ im->w = w;
+ im->h = h;
++ if ((w < 1) || (h < 1) || (w > 8192) || (h > 8192))
++ {
++ fclose(f);
++ return 0;
++ }
+ if (!im->format)
+ {
+ if (p == '8')
+===================================================================
+RCS file: /cvs/e/e17/libs/imlib2/src/modules/loaders/loader_tga.c,v
+retrieving revision 1.4
+retrieving revision 1.5
+diff -u -3 -r1.4 -r1.5
+--- loader_tga.c 4 Nov 2006 17:43:44 -0000 1.4
++++ loader_tga.c 5 Nov 2006 04:58:06 -0000 1.5
+@@ -297,9 +297,8 @@
+ im->w = (header->widthHi << 8) | header->widthLo;
+ im->h = (header->heightHi << 8) | header->heightLo;
+
+- if ((im->w > 32767) || (im->w < 1) || (im->h > 32767) || (im->h < 1))
++ if ((im->w < 1) || (im->h < 1) || (im->w > 8192) || (im->h > 8192))
+ {
+- im->w = 0;
+ munmap(seg, ss.st_size);
+ close(fd);
+ return 0;
+===================================================================
+RCS file: /cvs/e/e17/libs/imlib2/src/modules/loaders/loader_tiff.c,v
+retrieving revision 1.7
+retrieving revision 1.8
+diff -u -3 -r1.7 -r1.8
+--- loader_tiff.c 28 May 2006 00:05:50 -0000 1.7
++++ loader_tiff.c 5 Nov 2006 04:58:06 -0000 1.8
+@@ -75,11 +75,11 @@
+ raster(TIFFRGBAImage_Extra * img, uint32 * rast,
+ uint32 x, uint32 y, uint32 w, uint32 h)
+ {
+- uint32 image_width, image_height;
++ int image_width, image_height;
+ uint32 *pixel, pixel_value;
+ int i, j, dy, rast_offset;
+ DATA32 *buffer_pixel, *buffer = img->image->data;
+- int alpha_premult = (EXTRASAMPLE_UNASSALPHA==img->rgba.alpha);
++ int alpha_premult;
+
+ image_width = img->image->w;
+ image_height = img->image->h;
+@@ -91,6 +91,8 @@
+ /* I don't understand why, but that seems to be what's going on. */
+ /* libtiff needs better docs! */
+
++ if (img->rgba.alpha == EXTRASAMPLE_UNASSALPHA)
++ alpha_premult = 1;
+ for (i = y, rast_offset = 0; i > dy; i--, rast_offset--)
+ {
+ pixel = rast + (rast_offset * image_width);
+@@ -204,6 +206,12 @@
+ rgba_image.image = im;
+ im->w = width = rgba_image.rgba.width;
+ im->h = height = rgba_image.rgba.height;
++ if ((width < 1) || (height < 1) || (width > 8192) || (height > 8192))
++ {
++ TIFFRGBAImageEnd((TIFFRGBAImage *) & rgba_image);
++ TIFFClose(tif);
++ return 0;
++ }
+ rgba_image.num_pixels = num_pixels = width * height;
+ if (rgba_image.rgba.alpha != EXTRASAMPLE_UNSPECIFIED)
+ SET_FLAG(im->flags, F_HAS_ALPHA);
+@@ -397,8 +405,9 @@
+
+ if (has_alpha)
+ {
++ uint16 extras[] = { EXTRASAMPLE_ASSOCALPHA };
+ TIFFSetField(tif, TIFFTAG_SAMPLESPERPIXEL, 4);
+- TIFFSetField(tif, TIFFTAG_EXTRASAMPLES, EXTRASAMPLE_ASSOCALPHA);
++ TIFFSetField(tif, TIFFTAG_EXTRASAMPLES, 1, extras);
+ }
+ else
+ {
+===================================================================
+RCS file: /cvs/e/e17/libs/imlib2/src/modules/loaders/loader_xpm.c,v
+retrieving revision 1.5
+retrieving revision 1.6
+diff -u -3 -r1.5 -r1.6
+--- loader_xpm.c 20 Oct 2006 18:03:15 -0000 1.5
++++ loader_xpm.c 5 Nov 2006 04:58:06 -0000 1.6
+@@ -211,19 +211,19 @@
+ xpm_parse_done();
+ return 0;
+ }
+- if ((w > 32767) || (w < 1))
++ if ((w > 8192) || (w < 1))
+ {
+ fprintf(stderr,
+- "IMLIB ERROR: Image width > 32767 or < 1 pixels for file\n");
++ "IMLIB ERROR: Image width > 8192 or < 1 pixels for file\n");
+ free(line);
+ fclose(f);
+ xpm_parse_done();
+ return 0;
+ }
+- if ((h > 32767) || (h < 1))
++ if ((h > 8192) || (h < 1))
+ {
+ fprintf(stderr,
+- "IMLIB ERROR: Image height > 32767 or < 1 pixels for file\n");
++ "IMLIB ERROR: Image height > 8192 or < 1 pixels for file\n");
+ free(line);
+ fclose(f);
+ xpm_parse_done();