Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Factory
plib
plib-1.8.5-CVE-2021-38714.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File plib-1.8.5-CVE-2021-38714.patch of Package plib
Description: Prevent integer overflow in ssgLoadTGA() function. CVE-2021-38714 Author: Anton Gladky <gladk@debian.org> Bug-Debian: https://bugs.debian.org/992973 Last-Update: 2021-10-02 Index: plib/src/ssg/ssgLoadTGA.cxx =================================================================== --- src/ssg/ssgLoadTGA.cxx.orig +++ src/ssg/ssgLoadTGA.cxx @@ -23,6 +23,7 @@ #include "ssgLocal.h" +#include <new> #ifdef SSG_LOAD_TGA_SUPPORTED @@ -103,9 +104,9 @@ bool ssgLoadTGA ( const char *fname, ssg // image info int type = header[2]; - int xsize = get16u(header + 12); - int ysize = get16u(header + 14); - int bits = header[16]; + unsigned int xsize = get16u(header + 12); + unsigned int ysize = get16u(header + 14); + unsigned int bits = header[16]; /* image types: * @@ -169,9 +170,32 @@ bool ssgLoadTGA ( const char *fname, ssg } + const auto bytes_to_allocate = (bits / 8) * xsize * ysize; + + ulSetError( UL_DEBUG, "bytes_to_allocate=%ld xsize = %ld, ysize = %ld, %ld == %ld ", bytes_to_allocate, xsize, ysize, bytes_to_allocate / xsize, (ysize * (bits / 8))); + + if (xsize != 0 && ((ysize * (bits / 8)) != bytes_to_allocate / xsize)) + { + ulSetError( UL_WARNING, "Integer overflow in image size: xsize = %d, ysize = %d", xsize, ysize); + return false; + } + else + { + ulSetError( UL_DEBUG, "ssgLoadTGA: Allocating %ld bytes for the size %d x %d", bytes_to_allocate, xsize, ysize ); + } + // read image data - GLubyte *image = new GLubyte [ (bits / 8) * xsize * ysize ]; + GLubyte *image; + try + { + image = new GLubyte [ bytes_to_allocate ]; + } + catch (const std::bad_alloc&) + { + ulSetError( UL_WARNING, "ssgLoadTGA: Allocation of %d bytes failed!", bytes_to_allocate); + return false; + } if ((type & 8) != 0) {
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor