rpms/gimp/devel gimp-2.2.14-sunras-overflow.patch, NONE, 1.1 gimp.spec, 1.120, 1.121

Mon Apr 30 15:23:52 UTC 2007

Author: nphilipp

Update of /cvs/dist/rpms/gimp/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv1214

Modified Files:
	gimp.spec 
Added Files:
	gimp-2.2.14-sunras-overflow.patch 
Log Message:
avoid buffer overflow in sunras plugin (#238422)


gimp-2.2.14-sunras-overflow.patch:
 ChangeLog                |    7 +++++++
 plug-ins/common/sunras.c |   21 +++++++++++----------
 2 files changed, 18 insertions(+), 10 deletions(-)

--- NEW FILE gimp-2.2.14-sunras-overflow.patch ---
--- gimp-2.2.14/ChangeLog.sunras-overflow	2007-04-17 23:58:21.000000000 +0200
+++ gimp-2.2.14/ChangeLog	2007-04-30 15:38:06.000000000 +0200
@@ -0,0 +1,7 @@
+2007-04-27  Sven Neumann  <sven at gimp.org>
+
+	Merged from trunk:
+
+	* plug-ins/common/sunras.c (set_color_table): guard against a
+	possible stack overflow.
+
--- gimp-2.2.14/plug-ins/common/sunras.c.sunras-overflow	2007-04-17 23:11:23.000000000 +0200
+++ gimp-2.2.14/plug-ins/common/sunras.c	2007-04-30 15:36:33.000000000 +0200
@@ -102,8 +102,7 @@
                           gint32            image_ID,
                           gint32            drawable_ID);
 
-static void set_color_table (gint32, L_SUNFILEHEADER *, unsigned char *);
-
+static void   set_color_table  (gint32, L_SUNFILEHEADER *, const guchar *);
 static gint32 create_new_image (const gchar   *filename,
                                 guint          width,
                                 guint          height,
@@ -865,19 +864,20 @@
 static void
 set_color_table (gint32           image_ID,
 		 L_SUNFILEHEADER *sunhdr,
-		 guchar          *suncolmap)
+		 const guchar    *suncolmap)
 {
-  int ncols, j;
-  guchar ColorMap[256*3];
+  guchar ColorMap[256 * 3];
+  gint   ncols, j;
 
   ncols = sunhdr->l_ras_maplength / 3;
-  if (ncols <= 0) return;
+  if (ncols <= 0)
+    return;
 
-  for (j = 0; j < ncols; j++)
+  for (j = 0; j < MIN (ncols, 256); j++)
     {
-      ColorMap[j*3]   = suncolmap[j];
-      ColorMap[j*3+1] = suncolmap[j+ncols];
-      ColorMap[j*3+2] = suncolmap[j+2*ncols];
+      ColorMap[j * 3 + 0] = suncolmap[j];
+      ColorMap[j * 3 + 1] = suncolmap[j + ncols];
+      ColorMap[j * 3 + 2] = suncolmap[j + 2 * ncols];
     }
 
 #ifdef DEBUG
@@ -886,6 +886,7 @@
     printf ("%3d: 0x%02x 0x%02x 0x%02x\n", j,
 	    ColorMap[j*3], ColorMap[j*3+1], ColorMap[j*3+2]);
 #endif
+
   gimp_image_set_colormap (image_ID, ColorMap, ncols);
 }
 


Index: gimp.spec
===================================================================
RCS file: /cvs/dist/rpms/gimp/devel/gimp.spec,v
retrieving revision 1.120
retrieving revision 1.121
diff -u -r1.120 -r1.121
--- gimp.spec	24 Apr 2007 10:06:22 -0000	1.120
+++ gimp.spec	30 Apr 2007 15:23:50 -0000	1.121
@@ -43,7 +43,7 @@
 %define age 0
 %define minorver 200
 %define microver %(ver=%{version}; echo ${ver##*.*.})
-Release:    1%{?dist}
+Release:    2%{?dist}
 Epoch:		2
 License: 	GPL, LGPL
 Group: 		Applications/Multimedia
@@ -102,6 +102,7 @@
 Patch4:		gimp-2.2.4-gifload.patch
 Patch5:     gimp-2.2.11-htmlview.patch
 Patch6:     gimp-2.2.11-gimptool.patch
+Patch7:     gimp-2.2.14-sunras-overflow.patch
 
 %description
 GIMP (GNU Image Manipulation Program) is a powerful image composition and
@@ -156,6 +157,7 @@
 %patch4 -p1 -b .gifload
 %patch5 -p1 -b .htmlview
 %patch6 -p1 -b .gimptool
+%patch7 -p1 -b .sunras-overflow
 
 %build
 libtoolize --copy --force
@@ -408,6 +410,9 @@
 %{_libdir}/pkgconfig/*
 
 %changelog
+* Mon Apr 30 2007 Nils Philippsen <nphilipp at redhat.com> - 2:2.2.14-2
+- avoid buffer overflow in sunras plugin (#238422)
+
 * Tue Apr 24 2007 Nils Philippsen <nphilipp at redhat.com> - 2:2.2.14-1
 - version 2.2.14
   


