diff options
| author | Martin Wilke <miwi@FreeBSD.org> | 2008-05-02 20:06:59 +0000 |
|---|---|---|
| committer | Martin Wilke <miwi@FreeBSD.org> | 2008-05-02 20:06:59 +0000 |
| commit | a1f503fcf1c994bc46c68c05c31f6435669deb48 (patch) | |
| tree | a04cd786b8eaf0346c0b4f820d71e5b8a7c9a3fc /graphics/sdl_image | |
| parent | 16fb04f4439442d082e83446bd7219fcd13ba0a0 (diff) | |
| download | ports-a1f503fcf1c994bc46c68c05c31f6435669deb48.tar.gz ports-a1f503fcf1c994bc46c68c05c31f6435669deb48.zip | |
- Fix buffer overflows
PR: 122366
Submitted by: Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp>
Approved by: maintainer
Security: http://www.vuxml.org/freebsd/b1bcab7d-1880-11dd-a914-0016179b2dd5.html
Notes
Notes:
svn path=/head/; revision=212499
Diffstat (limited to 'graphics/sdl_image')
| -rw-r--r-- | graphics/sdl_image/Makefile | 1 | ||||
| -rw-r--r-- | graphics/sdl_image/files/patch-IMG_gif.c | 13 | ||||
| -rw-r--r-- | graphics/sdl_image/files/patch-IMG_lbm.c | 28 |
3 files changed, 42 insertions, 0 deletions
diff --git a/graphics/sdl_image/Makefile b/graphics/sdl_image/Makefile index 4493575c3da1..1642c4435808 100644 --- a/graphics/sdl_image/Makefile +++ b/graphics/sdl_image/Makefile @@ -7,6 +7,7 @@ PORTNAME= sdl_image PORTVERSION= 1.2.6 +PORTREVISION= 1 CATEGORIES= graphics MASTER_SITES= http://www.libsdl.org/projects/SDL_image/release/ DISTNAME= SDL_image-${PORTVERSION} diff --git a/graphics/sdl_image/files/patch-IMG_gif.c b/graphics/sdl_image/files/patch-IMG_gif.c new file mode 100644 index 000000000000..23e970bd147a --- /dev/null +++ b/graphics/sdl_image/files/patch-IMG_gif.c @@ -0,0 +1,13 @@ +--- IMG_gif.c 2007/02/13 10:09:17 2970 ++++ IMG_gif.c 2007/12/28 16:43:56 3462 +@@ -418,6 +418,10 @@ + static int stack[(1 << (MAX_LWZ_BITS)) * 2], *sp; + register int i; + ++ /* Fixed buffer overflow found by Michael Skladnikiewicz */ ++ if (input_code_size > MAX_LWZ_BITS) ++ return -1; ++ + if (flag) { + set_code_size = input_code_size; + code_size = set_code_size + 1; diff --git a/graphics/sdl_image/files/patch-IMG_lbm.c b/graphics/sdl_image/files/patch-IMG_lbm.c new file mode 100644 index 000000000000..5f67e6ded16e --- /dev/null +++ b/graphics/sdl_image/files/patch-IMG_lbm.c @@ -0,0 +1,28 @@ +--- IMG_lbm.c 2007/07/20 04:37:11 3341 ++++ IMG_lbm.c 2008/01/03 20:05:34 3521 +@@ -28,6 +28,7 @@ + EHB and HAM (specific Amiga graphic chip modes) support added by Marc Le Douarain + (http://www.multimania.com/mavati) in December 2003. + Stencil and colorkey fixes by David Raulo (david.raulo AT free DOT fr) in February 2004. ++ Buffer overflow fix in RLE decompression by David Raulo in January 2008. + */ + + #include <stdio.h> +@@ -328,7 +329,7 @@ + count ^= 0xFF; + count += 2; /* now it */ + +- if ( !SDL_RWread( src, &color, 1, 1 ) ) ++ if ( ( count > remainingbytes ) || !SDL_RWread( src, &color, 1, 1 ) ) + { + error="error reading BODY chunk"; + goto done; +@@ -339,7 +340,7 @@ + { + ++count; + +- if ( !SDL_RWread( src, ptr, count, 1 ) ) ++ if ( ( count > remainingbytes ) || !SDL_RWread( src, ptr, count, 1 ) ) + { + error="error reading BODY chunk"; + goto done; |