Fix CVE 2006-4484. Should be backported.

1fd47f50 · Konstantin Pavlov · ae26ef1d · 1fd47f50 · 1fd47f50
Commit 1fd47f50 authored Feb 01, 2008 by Konstantin Pavlov
--- a/extras/contrib/src/Makefile
+++ b/extras/contrib/src/Makefile
@@ -2012,6 +2012,7 @@ SDL_image-$(SDL_IMAGE_VERSION).tar.gz:
 SDL_image: SDL_image-$(SDL_IMAGE_VERSION).tar.gz 
 	$(EXTRACT_GZ)
 	patch -p0 < Patches/SDL_image.patch
+	patch -p0 < Patches/SDL_image-CVE-2006-4484.patch

 .SDL_image: SDL_image .SDL .png .jpeg .tiff
 	(cd $<; $(HOSTCC) ./configure $(HOSTCONF) --prefix=$(PREFIX) CFLAGS="$(CFLAGS)" --enable-tif --disable-sdltest && make && make install)

--- a/extras/contrib/src/Patches/SDL_image-CVE-2006-4484.patch
+++ b/extras/contrib/src/Patches/SDL_image-CVE-2006-4484.patch
+Common subdirectories: sdl-image1.2-1.2.5/debian and sdl-image1.2-1.2.5-fixed/debian
+diff -up sdl-image1.2-1.2.5/IMG_gif.c sdl-image1.2-1.2.5-fixed/IMG_gif.c
+--- sdl-image1.2-1.2.5/IMG_gif.c	2008-01-30 19:49:29.000000000 -0500
+++ sdl-image1.2-1.2.5-fixed/IMG_gif.c	2008-01-30 19:52:56.000000000 -0500
+@@ -418,6 +418,10 @@ LWZReadByte(SDL_RWops *src, int flag, in
+     static int stack[(1 << (MAX_LWZ_BITS)) * 2], *sp;
+     register int i;
+ 
+    /* Fixed buffer overflow found by Michael Skladnikiewicz */
+    if (input_code_size > MAX_LWZ_BITS)
+        return -1;
+
+     if (flag) {
+ 	set_code_size = input_code_size;
+ 	code_size = set_code_size + 1;