rpms / advancecomp

Clone
Source Code
GIT

Blame SOURCES/advancecomp-1.15-CVE-2019-9210-integer-overflow-in-png_compress.patch

c4 c5 c5-plus c6 c6-plus c7 c7-beta
  1.   0fc6718ad0d961769d35779f7fbb765daeeca44a
  2.   SOURCES
  3.   advancecomp-1.15-CVE-2019-9210-integer-overflow-in-png_compress.patch
Blob History Raw
0fc671 
diff -up advancecomp-1.15/lib/png.c.me advancecomp-1.15/lib/png.c
0fc671 
--- advancecomp-1.15/lib/png.c.me	2019-06-11 13:17:33.265490986 +0200
0fc671 
+++ advancecomp-1.15/lib/png.c	2019-06-11 13:21:50.655818111 +0200
0fc671 
@@ -656,6 +656,11 @@ adv_error adv_png_read_ihdr(
0fc671 
 	}
0fc671 
 	*pix_pixel = pixel;
0fc671
0fc671 
+	if (width_align < width) {
0fc671 
+		error_unsupported_set("Invalid image size");
0fc671 
+		goto err;
0fc671 
+	}
0fc671 
+
0fc671 
 	if (data[10] != 0) { /* compression */
0fc671 
 		error_unsupported_set("Unsupported compression, %d instead of 0", (unsigned)data[10]);
0fc671 
 		goto err;

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation