diff options
| author | Fredrik Rinnestam <fredrik@crux.nu> | 2015-08-18 20:48:29 +0200 |
|---|---|---|
| committer | Fredrik Rinnestam <fredrik@crux.nu> | 2015-08-18 20:48:29 +0200 |
| commit | 6b9a9c2f71efc481f605120587d9eca045a32388 (patch) | |
| tree | 27246706bf5d9ea07d27b2463749c13f285b3d26 /gdk-pixbuf | |
| parent | a150c70045e25647d61b5da1beff1f00e5c2a340 (diff) | |
| download | opt-6b9a9c2f71efc481f605120587d9eca045a32388.tar.gz opt-6b9a9c2f71efc481f605120587d9eca045a32388.tar.xz | |
[notify] gdk-pixbuf: added patch for CVE-2015-4491.
Advisory: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4491
Diffstat (limited to 'gdk-pixbuf')
| -rw-r--r-- | gdk-pixbuf/.footprint | 8 | ||||
| -rw-r--r-- | gdk-pixbuf/.md5sum | 1 | ||||
| -rw-r--r-- | gdk-pixbuf/CVE-2015-4491.patch | 81 | ||||
| -rw-r--r-- | gdk-pixbuf/Pkgfile | 11 |
4 files changed, 93 insertions, 8 deletions
diff --git a/gdk-pixbuf/.footprint b/gdk-pixbuf/.footprint index e6bdbb2fb..886256626 100644 --- a/gdk-pixbuf/.footprint +++ b/gdk-pixbuf/.footprint @@ -71,10 +71,10 @@ lrwxrwxrwx root/root usr/lib/libgdk_pixbuf_xlib-2.0.so.0 -> libgdk_pixbuf_xlib-2 drwxr-xr-x root/root usr/lib/pkgconfig/ -rw-r--r-- root/root usr/lib/pkgconfig/gdk-pixbuf-2.0.pc -rw-r--r-- root/root usr/lib/pkgconfig/gdk-pixbuf-xlib-2.0.pc -drwxr-xr-x root/root usr/man/ -drwxr-xr-x root/root usr/man/man1/ --rw-r--r-- root/root usr/man/man1/gdk-pixbuf-csource.1.gz --rw-r--r-- root/root usr/man/man1/gdk-pixbuf-query-loaders.1.gz drwxr-xr-x root/root usr/share/ drwxr-xr-x root/root usr/share/gir-1.0/ -rw-r--r-- root/root usr/share/gir-1.0/GdkPixbuf-2.0.gir +drwxr-xr-x root/root usr/share/man/ +drwxr-xr-x root/root usr/share/man/man1/ +-rw-r--r-- root/root usr/share/man/man1/gdk-pixbuf-csource.1.gz +-rw-r--r-- root/root usr/share/man/man1/gdk-pixbuf-query-loaders.1.gz diff --git a/gdk-pixbuf/.md5sum b/gdk-pixbuf/.md5sum index 8118c354d..1c5d7a2e0 100644 --- a/gdk-pixbuf/.md5sum +++ b/gdk-pixbuf/.md5sum @@ -1,3 +1,4 @@ +6c3862a6dfd70e31f8a6a1c3c65caece CVE-2015-4491.patch 4fed0d54432f1b69fc6e66e608bd5542 gdk-pixbuf-2.30.8.tar.xz d5311640870a5de1dc8aefcb4509a99d gdk-pixbuf-register.sh 94f3472231326d5352d007497db82798 gdk-pixbuf.loaders diff --git a/gdk-pixbuf/CVE-2015-4491.patch b/gdk-pixbuf/CVE-2015-4491.patch new file mode 100644 index 000000000..9b5e29755 --- /dev/null +++ b/gdk-pixbuf/CVE-2015-4491.patch @@ -0,0 +1,81 @@ +From 62eab9b3d73a07f1b1821ff05eda6ccf5e2c5901 Mon Sep 17 00:00:00 2001 +From: Matthias Clasen <mclasen@redhat.com> +Date: Mon, 13 Jul 2015 00:33:40 -0400 +Subject: [PATCH] pixops: Be more careful about integer overflow + +Our loader code is supposed to handle out-of-memory and overflow +situations gracefully, reporting errors instead of aborting. But +if you load an image at a specific size, we also execute our +scaling code, which was not careful enough about overflow in some +places. This commit makes the scaling code silently return if +it fails to allocate filter tables. + +https://bugzilla.gnome.org/show_bug.cgi?id=752297 +--- + gdk-pixbuf/pixops/pixops.c | 22 +++++++++++++++++----- + 1 file changed, 17 insertions(+), 5 deletions(-) + +diff --git a/gdk-pixbuf/pixops/pixops.c b/gdk-pixbuf/pixops/pixops.c +index 29a1c14..226ad09 100644 +--- a/gdk-pixbuf/pixops/pixops.c ++++ b/gdk-pixbuf/pixops/pixops.c +@@ -1272,7 +1272,16 @@ make_filter_table (PixopsFilter *filter) + int i_offset, j_offset; + int n_x = filter->x.n; + int n_y = filter->y.n; +- int *weights = g_new (int, SUBSAMPLE * SUBSAMPLE * n_x * n_y); ++ gsize n_weights; ++ int *weights; ++ ++ n_weights = SUBSAMPLE * SUBSAMPLE * n_x * n_y; ++ if (n_weights / (SUBSAMPLE * SUBSAMPLE) != n_x * n_y) ++ return NULL; /* overflow, bail */ ++ ++ weights = g_new (int, n_weights); ++ if (!weights) ++ return NULL; /* overflow, bail */ + + for (i_offset=0; i_offset < SUBSAMPLE; i_offset++) + for (j_offset=0; j_offset < SUBSAMPLE; j_offset++) +@@ -1347,8 +1356,11 @@ pixops_process (guchar *dest_buf, + if (x_step == 0 || y_step == 0) + return; /* overflow, bail out */ + +- line_bufs = g_new (guchar *, filter->y.n); + filter_weights = make_filter_table (filter); ++ if (!filter_weights) ++ return; /* overflow, bail out */ ++ ++ line_bufs = g_new (guchar *, filter->y.n); + + check_shift = check_size ? get_check_shift (check_size) : 0; + +@@ -1468,7 +1480,7 @@ tile_make_weights (PixopsFilterDimension *dim, + double scale) + { + int n = ceil (1 / scale + 1); +- double *pixel_weights = g_new (double, SUBSAMPLE * n); ++ double *pixel_weights = g_malloc_n (sizeof (double) * SUBSAMPLE, n); + int offset; + int i; + +@@ -1526,7 +1538,7 @@ bilinear_magnify_make_weights (PixopsFilterDimension *dim, + } + + dim->n = n; +- dim->weights = g_new (double, SUBSAMPLE * n); ++ dim->weights = g_malloc_n (sizeof (double) * SUBSAMPLE, n); + + pixel_weights = dim->weights; + +@@ -1617,7 +1629,7 @@ bilinear_box_make_weights (PixopsFilterDimension *dim, + double scale) + { + int n = ceil (1/scale + 3.0); +- double *pixel_weights = g_new (double, SUBSAMPLE * n); ++ double *pixel_weights = g_malloc_n (sizeof (double) * SUBSAMPLE, n); + double w; + int offset, i; + +-- +2.4.3 diff --git a/gdk-pixbuf/Pkgfile b/gdk-pixbuf/Pkgfile index 5ba2bd380..e2bed9f35 100644 --- a/gdk-pixbuf/Pkgfile +++ b/gdk-pixbuf/Pkgfile @@ -5,15 +5,18 @@ name=gdk-pixbuf version=2.30.8 -release=2 +release=3 source=(http://download.gnome.org/sources/$name/2.30/$name-$version.tar.xz \ - gdk-pixbuf.loaders gdk-pixbuf-register.sh) + gdk-pixbuf.loaders gdk-pixbuf-register.sh CVE-2015-4491.patch) build () { cd $name-$version + patch -p1 -i $SRC/CVE-2015-4491.patch - ./configure --prefix=/usr --mandir=/usr/man --disable-nls \ - --without-libjasper --with-x11 + ./configure --prefix=/usr \ + --disable-nls \ + --without-libjasper \ + --with-x11 make make DESTDIR=$PKG install |