rpms / libgxps

Clone
Source Code
GIT

Blame SOURCES/libgxps-0.3.0-integer-overflow.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c9 c9-beta
  1.   c8
  2.   SOURCES
  3.   libgxps-0.3.0-integer-overflow.patch
Blob History Raw
e4b13e 
From 123dd99c6a1ae2ef6fcb5547e51fa58e8c954b51 Mon Sep 17 00:00:00 2001
e4b13e 
From: Carlos Garcia Campos <carlosgc@gnome.org>
e4b13e 
Date: Fri, 8 Dec 2017 11:11:38 +0100
e4b13e 
Subject: [PATCH 1/2] gxps-images: fix integer overflow in png decoder
e4b13e
e4b13e 
---
e4b13e 
 libgxps/gxps-images.c | 2 +-
e4b13e 
 1 file changed, 1 insertion(+), 1 deletion(-)
e4b13e
e4b13e 
diff --git a/libgxps/gxps-images.c b/libgxps/gxps-images.c
e4b13e 
index 98c7052..19cb1c0 100644
e4b13e 
--- a/libgxps/gxps-images.c
e4b13e 
+++ b/libgxps/gxps-images.c
e4b13e 
@@ -286,7 +286,7 @@ gxps_images_create_from_png (GXPSArchive *zip,
e4b13e 
 	}
e4b13e
e4b13e 
 	stride = cairo_format_stride_for_width (format, png_width);
e4b13e 
-	if (stride < 0) {
e4b13e 
+	if (stride < 0 || png_height >= INT_MAX / stride) {
e4b13e 
 		fill_png_error (error, image_uri, NULL);
e4b13e 
 		g_object_unref (stream);
e4b13e 
 		png_destroy_read_struct (&png, &info, NULL);
e4b13e 
--
e4b13e 
2.17.1
e4b13e

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation