Blame SOURCES/gif-lzw-code-size-overflow.patch

82b134
From 76eda67dbc3f48c9dd6815a5aaf6014ea4a16771 Mon Sep 17 00:00:00 2001
82b134
From: Robert Ancell <robert.ancell@canonical.com>
82b134
Date: Wed, 2 Feb 2022 12:36:08 +1300
82b134
Subject: [PATCH 1/4] Fix test GIF that was broken in the LZW code size, not
82b134
 the values of the pixels
82b134
82b134
---
82b134
 .../test-images/gif-test-suite/invalid-colors.gif | Bin 37 -> 35 bytes
82b134
 1 file changed, 0 insertions(+), 0 deletions(-)
82b134
82b134
diff --git a/tests/test-images/gif-test-suite/invalid-colors.gif b/tests/test-images/gif-test-suite/invalid-colors.gif
82b134
index c3111525ac2d977a0dbedf917f2beae610b614f8..6c3a7240e6ba58c344051351eb3581887fa314c7 100644
82b134
GIT binary patch
82b134
delta 11
82b134
ScmY#Yo*>J{%%s7|U=08YGy!b@
82b134
82b134
delta 13
82b134
UcmY#ZogmA>!}4E&fr-Hy01|-$Y5)KL
82b134
82b134
-- 
82b134
GitLab
82b134
82b134
82b134
From 0cf97225c9c227d11fc4ddf9cba8e8480672ee1b Mon Sep 17 00:00:00 2001
82b134
From: Robert Ancell <robert.ancell@canonical.com>
82b134
Date: Wed, 2 Feb 2022 12:38:45 +1300
82b134
Subject: [PATCH 2/4] Add an assertion that checks for maximum LZW code size
82b134
82b134
---
82b134
 gdk-pixbuf/lzw.c | 2 ++
82b134
 1 file changed, 2 insertions(+)
82b134
82b134
diff --git a/gdk-pixbuf/lzw.c b/gdk-pixbuf/lzw.c
82b134
index 105daf2b1..15293560b 100644
82b134
--- a/gdk-pixbuf/lzw.c
82b134
+++ b/gdk-pixbuf/lzw.c
82b134
@@ -121,6 +121,8 @@ lzw_decoder_new (guint8 code_size)
82b134
         LZWDecoder *self;
82b134
         int i;
82b134
 
82b134
+        g_return_val_if_fail (code_size <= LZW_CODE_MAX, NULL);
82b134
+
82b134
         self = g_object_new (lzw_decoder_get_type (), NULL);
82b134
 
82b134
         self->min_code_size = code_size;
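Review bot: The added `g_return_val_if_fail (code_size <= LZW_CODE_MAX, NULL);` in lzw_decoder_new is a programmer-error precondition rather than input validation, because GLib compiles these macros out when built with `G_DISABLE_CHECKS` and otherwise only logs a critical and returns. Since `code_size` presumably originates from the GIF data stream, the bound that actually protects the decoder tables has to be enforced by the caller before the constructor is reached, and the caller has to cope with a NULL return; neither is visible in this hunk. I would say so above the check, e.g. `/* Precondition only: callers must reject oversized code sizes read from the file before calling. */`. The body of lzw_decoder_new continues past the end of the hunk.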
82b134
-- 
82b134
GitLab
82b134
82b134
82b134
From 19ebba03117aefc9d0312f675f3a210ffdcc4907 Mon Sep 17 00:00:00 2001
82b134
From: Robert Ancell <robert.ancell@canonical.com>
82b134
Date: Wed, 2 Feb 2022 14:03:13 +1300
82b134
Subject: [PATCH 3/4] Fix the check for maximum value of LZW initial code size.
82b134
82b134
This value is the number of bits for each symbol (i.e. colour index) decoded via LZW.
82b134
The maximum LZW code is specified as 12 bits, so the value here can only be 11, as two additional code words are required (clear and end of information) that immediately use an additional bit.
82b134
This implementation has always been wrong, and the Firefox implementation has the same issue so it seems a common misinterpretation of the spec.
82b134
This has been changed here to avoid an assertion later in the LZW decoder.
82b134
Note that there is never any reason for a GIF to be encoded with more than 8 bits of colour information, as the colour tables only support up to 8 bits.
82b134
---
82b134
 gdk-pixbuf/io-gif.c | 4 ++--
82b134
 1 file changed, 2 insertions(+), 2 deletions(-)
82b134
82b134
diff --git a/gdk-pixbuf/io-gif.c b/gdk-pixbuf/io-gif.c
82b134
index 1befba155..310bdff6a 100644
82b134
--- a/gdk-pixbuf/io-gif.c
82b134
+++ b/gdk-pixbuf/io-gif.c
82b134
@@ -499,8 +499,8 @@ gif_prepare_lzw (GifContext *context)
82b134
 		/*g_message (_("GIF: EOF / read error on image data\n"));*/
82b134
 		return -1;
82b134
 	}
82b134
-        
82b134
-        if (context->lzw_set_code_size > 12) {
82b134
+
82b134
+        if (context->lzw_set_code_size >= 12) {
82b134
                 g_set_error_literal (context->error,
82b134
                                      GDK_PIXBUF_ERROR,
82b134
                                      GDK_PIXBUF_ERROR_CORRUPT_IMAGE,
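Review bot: The bound in `if (context->lzw_set_code_size >= 12)` is still a bare literal, although an off-by-one in exactly this literal was the bug, and the reasoning for it lives only in the commit message. I would carry it into the code as a comment such as `/* Bits per symbol; the clear and EOI codes need one more bit, so 11 is the largest value that fits the 12-bit LZW code limit. */`, and, if the decoder's `LZW_CODE_MAX` is visible from io-gif.c (not shown here), write the test as `>= LZW_CODE_MAX` so it cannot drift from the assertion in lzw_decoder_new. The commit message also observes that colour tables never need more than 8 bits, so a tighter limit could be considered for untrusted files, though that would be a behaviour change. The g_set_error_literal call and gif_prepare_lzw itself run on outside the hunk.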
82b134
-- 
82b134
GitLab
82b134
82b134
82b134
From 449441210921c8ed417b0c4d5edbccd2d57e23f8 Mon Sep 17 00:00:00 2001
82b134
From: Robert Ancell <robert.ancell@canonical.com>
82b134
Date: Wed, 2 Feb 2022 14:19:06 +1300
82b134
Subject: [PATCH 4/4] Add tests for GIF files with invalid LZW code sizes
82b134
82b134
---
82b134
 tests/test-images/fail/overflow-codes-max.gif      | Bin 0 -> 65 bytes
82b134
 tests/test-images/fail/overflow-codes.gif          | Bin 0 -> 35 bytes
82b134
 tests/test-images/gif-test-suite/TESTS             |   2 ++
82b134
 tests/test-images/gif-test-suite/invalid-code.conf |  11 +++++++++++
82b134
 tests/test-images/gif-test-suite/invalid-code.gif  | Bin 0 -> 35 bytes
82b134
 .../gif-test-suite/overflow-codes-max.conf         |  11 +++++++++++
82b134
 .../gif-test-suite/overflow-codes-max.gif          | Bin 0 -> 65 bytes
82b134
 .../test-images/gif-test-suite/overflow-codes.conf |  11 +++++++++++
82b134
 .../test-images/gif-test-suite/overflow-codes.gif  | Bin 0 -> 35 bytes
82b134
 9 files changed, 35 insertions(+)
82b134
 create mode 100644 tests/test-images/fail/overflow-codes-max.gif
82b134
 create mode 100644 tests/test-images/fail/overflow-codes.gif
82b134
 create mode 100644 tests/test-images/gif-test-suite/invalid-code.conf
82b134
 create mode 100644 tests/test-images/gif-test-suite/invalid-code.gif
82b134
 create mode 100644 tests/test-images/gif-test-suite/overflow-codes-max.conf
82b134
 create mode 100644 tests/test-images/gif-test-suite/overflow-codes-max.gif
82b134
 create mode 100644 tests/test-images/gif-test-suite/overflow-codes.conf
82b134
 create mode 100644 tests/test-images/gif-test-suite/overflow-codes.gif
82b134
82b134
diff --git a/tests/test-images/fail/overflow-codes-max.gif b/tests/test-images/fail/overflow-codes-max.gif
82b134
new file mode 100644
82b134
index 0000000000000000000000000000000000000000..3d507ca7daa790c9370e69a2ab277f55d749a013
82b134
GIT binary patch
82b134
literal 65
82b134
ncmZ?wbhEHbWMW`q_`m=H|NsBj0ns24hW`ozAU1Bm$Y2csUc3i2
82b134
82b134
literal 0
82b134
HcmV?d00001
82b134
82b134
diff --git a/tests/test-images/fail/overflow-codes.gif b/tests/test-images/fail/overflow-codes.gif
82b134
new file mode 100644
82b134
index 0000000000000000000000000000000000000000..c38053872ae2e3378ff6fb8f3eaff839fa5d35ed
82b134
GIT binary patch
82b134
literal 35
82b134
jcmZ?wbhEHbWMW`q_`m=H|NsBj0ns241|B8>Mh0sDhc^Z!
82b134
82b134
literal 0
82b134
HcmV?d00001
82b134
82b134
diff --git a/tests/test-images/gif-test-suite/TESTS b/tests/test-images/gif-test-suite/TESTS
82b134
index 1d4a3f13f..bc573acf4 100644
82b134
--- a/tests/test-images/gif-test-suite/TESTS
82b134
+++ b/tests/test-images/gif-test-suite/TESTS
82b134
@@ -44,6 +44,8 @@ max-height
82b134
 255-codes
82b134
 large-codes
82b134
 max-codes
82b134
+#overflow-codes
82b134
+#overflow-codes-max
82b134
 transparent
82b134
 invalid-transparent
82b134
 disabled-transparent
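Review bot: Both new entries are added commented out (`#overflow-codes`, `#overflow-codes-max`), so the gif-test-suite runner will presumably skip them, and `invalid-code`, whose .conf and .gif are created by this same patch, is not added to the list in this hunk at all. If they are disabled because the suite cannot express an expected load failure (the generated .conf files have an empty `frames =`), a line saying so would help the next reader, e.g. `# overflow-codes*: rejected at load time; covered by tests/test-images/fail/`. As it stands, the only coverage for the oversized code-size check appears to be the two copies under tests/test-images/fail/, assuming that directory is exercised by another test.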
82b134
diff --git a/tests/test-images/gif-test-suite/invalid-code.conf b/tests/test-images/gif-test-suite/invalid-code.conf
82b134
new file mode 100644
82b134
index 000000000..3bf287b4e
82b134
--- /dev/null
82b134
+++ b/tests/test-images/gif-test-suite/invalid-code.conf
82b134
@@ -0,0 +1,11 @@
82b134
+# Automatically generated, do not edit!
82b134
+[config]
82b134
+input = invalid-code.gif
82b134
+version = GIF89a
82b134
+width = 2
82b134
+height = 2
82b134
+background = #000000
82b134
+loop-count = 0
82b134
+force-animation = no
82b134
+frames = 
82b134
+
82b134
diff --git a/tests/test-images/gif-test-suite/invalid-code.gif b/tests/test-images/gif-test-suite/invalid-code.gif
82b134
new file mode 100644
82b134
index 0000000000000000000000000000000000000000..7d929c9431c0c5b7cd53f636f7711d47385f88b2
82b134
GIT binary patch
82b134
literal 35
82b134
jcmZ?wbhEHbWMW`q_`m=H|NsBj0ns241}3Ke{~4?Sjj;#^
82b134
82b134
literal 0
82b134
HcmV?d00001
82b134
82b134
diff --git a/tests/test-images/gif-test-suite/overflow-codes-max.conf b/tests/test-images/gif-test-suite/overflow-codes-max.conf
82b134
new file mode 100644
82b134
index 000000000..f6d3f38d8
82b134
--- /dev/null
82b134
+++ b/tests/test-images/gif-test-suite/overflow-codes-max.conf
82b134
@@ -0,0 +1,11 @@
82b134
+# Automatically generated, do not edit!
82b134
+[config]
82b134
+input = overflow-codes-max.gif
82b134
+version = GIF89a
82b134
+width = 2
82b134
+height = 2
82b134
+background = #000000
82b134
+loop-count = 0
82b134
+force-animation = no
82b134
+frames = 
82b134
+
82b134
diff --git a/tests/test-images/gif-test-suite/overflow-codes-max.gif b/tests/test-images/gif-test-suite/overflow-codes-max.gif
82b134
new file mode 100644
82b134
index 0000000000000000000000000000000000000000..3d507ca7daa790c9370e69a2ab277f55d749a013
82b134
GIT binary patch
82b134
literal 65
82b134
ncmZ?wbhEHbWMW`q_`m=H|NsBj0ns24hW`ozAU1Bm$Y2csUc3i2
82b134
82b134
literal 0
82b134
HcmV?d00001
82b134
82b134
diff --git a/tests/test-images/gif-test-suite/overflow-codes.conf b/tests/test-images/gif-test-suite/overflow-codes.conf
82b134
new file mode 100644
82b134
index 000000000..19f57fa74
82b134
--- /dev/null
82b134
+++ b/tests/test-images/gif-test-suite/overflow-codes.conf
82b134
@@ -0,0 +1,11 @@
82b134
+# Automatically generated, do not edit!
82b134
+[config]
82b134
+input = overflow-codes.gif
82b134
+version = GIF89a
82b134
+width = 2
82b134
+height = 2
82b134
+background = #000000
82b134
+loop-count = 0
82b134
+force-animation = no
82b134
+frames = 
82b134
+
82b134
diff --git a/tests/test-images/gif-test-suite/overflow-codes.gif b/tests/test-images/gif-test-suite/overflow-codes.gif
82b134
new file mode 100644
82b134
index 0000000000000000000000000000000000000000..c38053872ae2e3378ff6fb8f3eaff839fa5d35ed
82b134
GIT binary patch
82b134
literal 35
82b134
jcmZ?wbhEHbWMW`q_`m=H|NsBj0ns241|B8>Mh0sDhc^Z!
82b134
82b134
literal 0
82b134
HcmV?d00001
82b134
82b134
-- 
82b134
GitLab
82b134