File CVE-2019-19004.patch of Package autotrace
From 64c5833e55d7672d6136a3fbfeae24bd012d36a5 Mon Sep 17 00:00:00 2001 From: Matthew Pruett <matthewtpruett@yahoo.com> Date: Sat, 6 Feb 2021 23:09:31 -0500 Subject: [PATCH] Check for overflow in row bytes Fixes CVE-2019-19004 --- src/input-bmp.c | 7 +++++++ 1 file changed, 7 insertions(+) Index: autotrace-0.31.1/input-bmp.c =================================================================== --- autotrace-0.31.1.orig/input-bmp.c +++ autotrace-0.31.1/input-bmp.c @@ -219,6 +219,13 @@ input_bmp_reader (at_string filename, /* Windows and OS/2 declare filler so that rows are a multiple of * word length (32 bits == 4 bytes) */ + + unsigned long overflowTest = Bitmap_Head.biWidth * Bitmap_Head.biBitCnt; + if (overflowTest / Bitmap_Head.biWidth != Bitmap_Head.biBitCnt) { + LOG("Error reading BMP file header. Width is too large\n"); + at_exception_fatal(&exp, "Error reading BMP file header. Width is too large"); + goto cleanup; + } rowbytes= ( (Bitmap_Head.biWidth * Bitmap_Head.biBitCnt - 1) / 32) * 4 + 4;
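Review bot: the added test divides by Bitmap_Head.biWidth in `overflowTest / Bitmap_Head.biWidth` with no zero check visible in this hunk, so a header that declares a width of 0 hits a division by zero before the error path can run. Reject a zero biWidth (and a zero biBitCnt) first. A multiply-then-divide test is also only sound for unsigned arithmetic. The field declarations are not shown here, so if either operand is signed the overflow is already undefined by the time the comparison runs. Checking before the multiplication, for example `Bitmap_Head.biWidth > ULONG_MAX / Bitmap_Head.biBitCnt`, avoids both problems. Finally, the `rowbytes=` line repeats the multiplication and its destination type is not visible in the hunk. If rowbytes is narrower than unsigned long, a product that passes this test can still be truncated on assignment, so the bound should be derived from the range of rowbytes rather than from unsigned long.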