Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:42.1:Staging:C
gd
gd-CVE-2014-9709.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File gd-CVE-2014-9709.patch of Package gd
From 47eb44b2e90ca88a08dca9f9a1aa9041e9587f43 Mon Sep 17 00:00:00 2001 From: Remi Collet <fedora@famillecollet.com> Date: Sat, 13 Dec 2014 08:48:18 +0100 Subject: [PATCH] Fix possible buffer read overflow detected by -fsanitize=address, thanks to Jan Bee --- src/gd_gif_in.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) Index: src/gd_gif_in.c =================================================================== --- src/gd_gif_in.c.orig 2013-06-25 11:58:23.000000000 +0200 +++ src/gd_gif_in.c 2015-03-24 15:02:44.776580918 +0100 @@ -75,8 +75,10 @@ #define STACK_SIZE ((1<<(MAX_LWZ_BITS))*2) +#define CSD_BUF_SIZE 280 + typedef struct { - unsigned char buf[280]; + unsigned char buf[CSD_BUF_SIZE]; int curbit; int lastbit; int done; @@ -408,9 +410,13 @@ scd->lastbit = (2 + count) * 8; } - ret = 0; - for (i = scd->curbit, j = 0; j < code_size; ++i, ++j) { - ret |= ((scd->buf[i / 8] & (1 << (i % 8))) != 0) << j; + if ((scd->curbit + code_size - 1) >= (CSD_BUF_SIZE * 8)) { + ret = -1; + } else { + ret = 0; + for (i = scd->curbit, j = 0; j < code_size; ++i, ++j) { + ret |= ((scd->buf[i / 8] & (1 << (i % 8))) != 0) << j; + } } scd->curbit += code_size;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor