[BACK]Return to patch-ai CVS log [TXT][DIR] Up to [cvs.NetBSD.org] / pkgsrc / graphics / imlib / patches

File: [cvs.NetBSD.org] / pkgsrc / graphics / imlib / patches / patch-ai (download)

Revision 1.2, Fri Dec 10 09:30:42 2004 UTC (14 years, 10 months ago) by salo
Branch: MAIN
CVS Tags: pkgsrc-2019Q3-base, pkgsrc-2019Q3, pkgsrc-2019Q2-base, pkgsrc-2019Q2, pkgsrc-2019Q1-base, pkgsrc-2019Q1, pkgsrc-2018Q4-base, pkgsrc-2018Q4, pkgsrc-2018Q3-base, pkgsrc-2018Q3, pkgsrc-2018Q2-base, pkgsrc-2018Q2, pkgsrc-2018Q1-base, pkgsrc-2018Q1, pkgsrc-2017Q4-base, pkgsrc-2017Q4, pkgsrc-2017Q3-base, pkgsrc-2017Q3, pkgsrc-2017Q2-base, pkgsrc-2017Q2, pkgsrc-2017Q1-base, pkgsrc-2017Q1, pkgsrc-2016Q4-base, pkgsrc-2016Q4, pkgsrc-2016Q3-base, pkgsrc-2016Q3, pkgsrc-2016Q2-base, pkgsrc-2016Q2, pkgsrc-2016Q1-base, pkgsrc-2016Q1, pkgsrc-2015Q4-base, pkgsrc-2015Q4, pkgsrc-2015Q3-base, pkgsrc-2015Q3, pkgsrc-2015Q2-base, pkgsrc-2015Q2, pkgsrc-2015Q1-base, pkgsrc-2015Q1, pkgsrc-2014Q4-base, pkgsrc-2014Q4, pkgsrc-2014Q3-base, pkgsrc-2014Q3, pkgsrc-2014Q2-base, pkgsrc-2014Q2, pkgsrc-2014Q1-base, pkgsrc-2014Q1, pkgsrc-2013Q4-base, pkgsrc-2013Q4, pkgsrc-2013Q3-base, pkgsrc-2013Q3, pkgsrc-2013Q2-base, pkgsrc-2013Q2, pkgsrc-2013Q1-base, pkgsrc-2013Q1, pkgsrc-2012Q4-base, pkgsrc-2012Q4, pkgsrc-2012Q3-base, pkgsrc-2012Q3, pkgsrc-2012Q2-base, pkgsrc-2012Q2, pkgsrc-2012Q1-base, pkgsrc-2012Q1, pkgsrc-2011Q4-base, pkgsrc-2011Q4, pkgsrc-2011Q3-base, pkgsrc-2011Q3, pkgsrc-2011Q2-base, pkgsrc-2011Q2, pkgsrc-2011Q1-base, pkgsrc-2011Q1, pkgsrc-2010Q4-base, pkgsrc-2010Q4, pkgsrc-2010Q3-base, pkgsrc-2010Q3, pkgsrc-2010Q2-base, pkgsrc-2010Q2, pkgsrc-2010Q1-base, pkgsrc-2010Q1, pkgsrc-2009Q4-base, pkgsrc-2009Q4, pkgsrc-2009Q3-base, pkgsrc-2009Q3, pkgsrc-2009Q2-base, pkgsrc-2009Q2, pkgsrc-2009Q1-base, pkgsrc-2009Q1, pkgsrc-2008Q4-base, pkgsrc-2008Q4, pkgsrc-2008Q3-base, pkgsrc-2008Q3, pkgsrc-2008Q2-base, pkgsrc-2008Q2, pkgsrc-2008Q1-base, pkgsrc-2008Q1, pkgsrc-2007Q4-base, pkgsrc-2007Q4, pkgsrc-2007Q3-base, pkgsrc-2007Q3, pkgsrc-2007Q2-base, pkgsrc-2007Q2, pkgsrc-2007Q1-base, pkgsrc-2007Q1, pkgsrc-2006Q4-base, pkgsrc-2006Q4, pkgsrc-2006Q3-base, pkgsrc-2006Q3, pkgsrc-2006Q2-base, pkgsrc-2006Q2, pkgsrc-2006Q1-base, pkgsrc-2006Q1, pkgsrc-2005Q4-base, pkgsrc-2005Q4, pkgsrc-2005Q3-base, pkgsrc-2005Q3, pkgsrc-2005Q2-base, pkgsrc-2005Q2, pkgsrc-2005Q1-base, pkgsrc-2005Q1, pkgsrc-2004Q4-base, pkgsrc-2004Q4, pkgsrc-, cwrapper, cube-native-xorg-base, cube-native-xorg, HEAD
Changes since 1.1: +14 -4 lines

Bump PKGREVISION, security fix:

"Multiple buffer overflows in imlib 1.9.14 and earlier, which is used by
gkrellm and several window managers, allow remote attackers to execute
arbitrary code via certain image files."  (1.9.15 is also affected)

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1026

Patch from Pavel Kankovsky.

$NetBSD: patch-ai,v 1.2 2004/12/10 09:30:42 salo Exp $

--- gdk_imlib/io-ppm.c.orig	2002-03-04 18:06:29.000000000 +0100
+++ gdk_imlib/io-ppm.c	2004-12-10 10:00:56.000000000 +0100
@@ -50,15 +50,15 @@
       if (s[0] != '#')
 	{
 	  done = 0;
-	  sscanf(s, "%i %i", w, h);
+	  sscanf(s, "%d %d", w, h);
 	  a = *w;
 	  b = *h;
-	  if (a > 32767)
+	  if (a <= 0 || a > 32767)
 	    {
 	      fprintf(stderr, "gdk_imlib ERROR: Image width > 32767 pixels for file\n");
 	      return NULL;
 	    }
-	  if (b > 32767)
+	  if (b <= 0 || b > 32767)
 	    {
 	      fprintf(stderr, "gdk_imlib ERROR: Image height > 32767 pixels for file\n");
 	      return NULL;
@@ -66,7 +66,7 @@
 	  if (!bw)
 	    {
 	      fgets(s, 256, f);
-	      sscanf(s, "%i", &scale);
+	      sscanf(s, "%d", &scale);
 	    }
 	  else
 	    scale = 99999;