rpms/gimp/FC-6 gimp-2.2.14-sunras-overflow.patch,NONE,1.1
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Tue May 1 12:08:18 UTC 2007
- Previous message (by thread): rpms/gimp/FC-6 .cvsignore, 1.28, 1.29 gimp.spec, 1.111, 1.112 sources, 1.28, 1.29
- Next message (by thread): rpms/openoffice.org/devel openoffice.org-2.0.3.rh127576.gtkunixprintdialog.patch, 1.28, 1.29 openoffice.org.spec, 1.1168, 1.1169
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: nphilipp
Update of /cvs/dist/rpms/gimp/FC-6
In directory cvs.devel.redhat.com:/tmp/cvs-serv30852
Added Files:
gimp-2.2.14-sunras-overflow.patch
Log Message:
avoid buffer overflow in sunras plugin (#238422)
gimp-2.2.14-sunras-overflow.patch:
ChangeLog | 7 +++++++
plug-ins/common/sunras.c | 21 +++++++++++----------
2 files changed, 18 insertions(+), 10 deletions(-)
--- NEW FILE gimp-2.2.14-sunras-overflow.patch ---
--- gimp-2.2.14/ChangeLog.sunras-overflow 2007-04-17 23:58:21.000000000 +0200
+++ gimp-2.2.14/ChangeLog 2007-04-30 15:38:06.000000000 +0200
@@ -0,0 +1,7 @@
+2007-04-27 Sven Neumann <sven at gimp.org>
+
+ Merged from trunk:
+
+ * plug-ins/common/sunras.c (set_color_table): guard against a
+ possible stack overflow.
+
--- gimp-2.2.14/plug-ins/common/sunras.c.sunras-overflow 2007-04-17 23:11:23.000000000 +0200
+++ gimp-2.2.14/plug-ins/common/sunras.c 2007-04-30 15:36:33.000000000 +0200
@@ -102,8 +102,7 @@
gint32 image_ID,
gint32 drawable_ID);
-static void set_color_table (gint32, L_SUNFILEHEADER *, unsigned char *);
-
+static void set_color_table (gint32, L_SUNFILEHEADER *, const guchar *);
static gint32 create_new_image (const gchar *filename,
guint width,
guint height,
@@ -865,19 +864,20 @@
static void
set_color_table (gint32 image_ID,
L_SUNFILEHEADER *sunhdr,
- guchar *suncolmap)
+ const guchar *suncolmap)
{
- int ncols, j;
- guchar ColorMap[256*3];
+ guchar ColorMap[256 * 3];
+ gint ncols, j;
ncols = sunhdr->l_ras_maplength / 3;
- if (ncols <= 0) return;
+ if (ncols <= 0)
+ return;
- for (j = 0; j < ncols; j++)
+ for (j = 0; j < MIN (ncols, 256); j++)
{
- ColorMap[j*3] = suncolmap[j];
- ColorMap[j*3+1] = suncolmap[j+ncols];
- ColorMap[j*3+2] = suncolmap[j+2*ncols];
+ ColorMap[j * 3 + 0] = suncolmap[j];
+ ColorMap[j * 3 + 1] = suncolmap[j + ncols];
+ ColorMap[j * 3 + 2] = suncolmap[j + 2 * ncols];
}
#ifdef DEBUG
@@ -886,6 +886,7 @@
printf ("%3d: 0x%02x 0x%02x 0x%02x\n", j,
ColorMap[j*3], ColorMap[j*3+1], ColorMap[j*3+2]);
#endif
+
gimp_image_set_colormap (image_ID, ColorMap, ncols);
}
- Previous message (by thread): rpms/gimp/FC-6 .cvsignore, 1.28, 1.29 gimp.spec, 1.111, 1.112 sources, 1.28, 1.29
- Next message (by thread): rpms/openoffice.org/devel openoffice.org-2.0.3.rh127576.gtkunixprintdialog.patch, 1.28, 1.29 openoffice.org.spec, 1.1168, 1.1169
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-cvs-commits
mailing list