openSUSE:Leap:15.1:Rings:1-MinimalX
File gdk-pixbuf-bgo779012-ico-overflow.patch of Package gdk-pixbuf
From dec9ca22d70c0f0d4492333b4e8147afb038afd2 Mon Sep 17 00:00:00 2001 From: Dhiru Kholia <dhiru.kholia@gmail.com> Date: Thu, 30 Nov 2017 02:36:26 +0100 Subject: [PATCH] ico: Fix potential integer overflow Which relies on undefined behaviour. Instead of checking for an overflowed integer after the fact, check whether the addition would be possible at all. Fixes: CVE-2017-6312 https://bugzilla.gnome.org/show_bug.cgi?id=779012 --- gdk-pixbuf/io-ico.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/gdk-pixbuf/io-ico.c b/gdk-pixbuf/io-ico.c index 8729a0fb9..a86725751 100644 --- a/gdk-pixbuf/io-ico.c +++ b/gdk-pixbuf/io-ico.c @@ -333,10 +333,8 @@ static void DecodeHeader(guchar *Data, gint Bytes, for (l = State->entries; l != NULL; l = g_list_next (l)) { entry = l->data; - /* We know how many bytes are in the "header" part. */ - State->HeaderSize = entry->DIBoffset + INFOHEADER_SIZE; - - if (State->HeaderSize < 0) { + /* Avoid invoking undefined behavior in the State->HeaderSize calculation below */ + if (entry->DIBoffset > G_MAXINT - INFOHEADER_SIZE) { g_set_error (error, GDK_PIXBUF_ERROR, GDK_PIXBUF_ERROR_CORRUPT_IMAGE, @@ -344,6 +342,9 @@ static void DecodeHeader(guchar *Data, gint Bytes, return; } + /* We know how many bytes are in the "header" part. */ + State->HeaderSize = entry->DIBoffset + INFOHEADER_SIZE; + if (State->HeaderSize>State->BytesInHeaderBuf) { guchar *tmp=g_try_realloc(State->HeaderBuf,State->HeaderSize); if (!tmp) { -- 2.15.1
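Review bot: In the first hunk of DecodeHeader, the new guard `entry->DIBoffset > G_MAXINT - INFOHEADER_SIZE` covers only the upper bound, whereas the removed `State->HeaderSize < 0` test also rejected a DIBoffset negative enough to make the sum negative. If DIBoffset is a signed field that can carry a negative value from the file, that value now passes the guard and reaches the addition and the later size comparison. Suggest extending the condition with `entry->DIBoffset < 0 ||`, or stating in the commit message that earlier parsing already guarantees a non-negative offset.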
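Review bot: In the second hunk, the relocated `State->HeaderSize = entry->DIBoffset + INFOHEADER_SIZE;` can still evaluate to anything up to G_MAXINT, and the context line hands it directly to `g_try_realloc(State->HeaderBuf,State->HeaderSize)`. The new check makes the arithmetic well defined but does not bound the allocation that a file-supplied offset can request. The `if (!tmp)` path handles allocation failure, but a sanity limit on HeaderSize would be worth considering here. The diffstat also shows only io-ico.c changed, so a regression test image for the CVE-2017-6312 case would be a useful addition.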