Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/media-libs/imlib2/files/imlib2-1.4.8-gif-oob.patch
diff options
context:
space:
mode:
Diffstat (limited to 'media-libs/imlib2/files/imlib2-1.4.8-gif-oob.patch')
-rw-r--r--media-libs/imlib2/files/imlib2-1.4.8-gif-oob.patch39
1 files changed, 39 insertions, 0 deletions
diff --git a/media-libs/imlib2/files/imlib2-1.4.8-gif-oob.patch b/media-libs/imlib2/files/imlib2-1.4.8-gif-oob.patch
new file mode 100644
index 000000000000..ed297579e226
--- /dev/null
+++ b/media-libs/imlib2/files/imlib2-1.4.8-gif-oob.patch
@@ -0,0 +1,39 @@
+From 16de244bd03d2f75da6508feb1ad9cb4e668e9dc Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Bernhard=20=C3=9Cbelacker?= <bernhardu@vr-web.de>
+Date: Sat, 2 Apr 2016 13:05:21 -0400
+Subject: [PATCH] gif: fix oob reads w/bad colormaps
+
+Verify the color map is inbounds before indexing with it.
+
+https://bugs.debian.org/785369
+---
+ src/modules/loaders/loader_gif.c | 13 ++++++++++---
+ 1 file changed, 10 insertions(+), 3 deletions(-)
+
+diff --git a/src/modules/loaders/loader_gif.c b/src/modules/loaders/loader_gif.c
+index 638df59..7bdf29c 100644
+--- a/src/modules/loaders/loader_gif.c
++++ b/src/modules/loaders/loader_gif.c
+@@ -170,9 +170,16 @@ load(ImlibImage * im, ImlibProgressFunction progress, char progress_granularity,
+ }
+ else
+ {
+- r = cmap->Colors[rows[i][j]].Red;
+- g = cmap->Colors[rows[i][j]].Green;
+- b = cmap->Colors[rows[i][j]].Blue;
++ if (rows[i][j] < cmap->ColorCount)
++ {
++ r = cmap->Colors[rows[i][j]].Red;
++ g = cmap->Colors[rows[i][j]].Green;
++ b = cmap->Colors[rows[i][j]].Blue;
++ }
++ else
++ {
++ r = g = b = 0;
++ }
+ *ptr++ = (0xff << 24) | (r << 16) | (g << 8) | b;
+ }
+ per += per_inc;
+--
+2.7.4
+