Commit 1fd47f50 authored by Konstantin Pavlov

Fix CVE 2006-4484. Should be backported.

parent ae26ef1d
......@@ -2012,6 +2012,7 @@ SDL_image-$(SDL_IMAGE_VERSION).tar.gz:
SDL_image: SDL_image-$(SDL_IMAGE_VERSION).tar.gz
$(EXTRACT_GZ)
patch -p0 < Patches/SDL_image.patch
patch -p0 < Patches/SDL_image-CVE-2006-4484.patch
.SDL_image: SDL_image .SDL .png .jpeg .tiff
(cd $<; $(HOSTCC) ./configure $(HOSTCONF) --prefix=$(PREFIX) CFLAGS="$(CFLAGS)" --enable-tif --disable-sdltest && make && make install)
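Review bot: The added `patch -p0 < Patches/SDL_image-CVE-2006-4484.patch` may not locate its target file, because the patch headers in this commit name `sdl-image1.2-1.2.5/IMG_gif.c` and `sdl-image1.2-1.2.5-fixed/IMG_gif.c` while the rule's target directory is `SDL_image`. If `$(EXTRACT_GZ)` unpacks into `SDL_image` (its definition is not visible here, so this is inferred), neither header path exists under `-p0`. A security fix that does not apply should stop the build rather than prompt or be skipped. Stripping the leading directory and applying inside the tree would avoid depending on the directory name: `(cd $@ && patch -p1 < ../Patches/SDL_image-CVE-2006-4484.patch)`.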
......
Common subdirectories: sdl-image1.2-1.2.5/debian and sdl-image1.2-1.2.5-fixed/debian
diff -up sdl-image1.2-1.2.5/IMG_gif.c sdl-image1.2-1.2.5-fixed/IMG_gif.c
--- sdl-image1.2-1.2.5/IMG_gif.c 2008-01-30 19:49:29.000000000 -0500
+++ sdl-image1.2-1.2.5-fixed/IMG_gif.c 2008-01-30 19:52:56.000000000 -0500
@@ -418,6 +418,10 @@ LWZReadByte(SDL_RWops *src, int flag, in
static int stack[(1 << (MAX_LWZ_BITS)) * 2], *sp;
register int i;
+ /* Fixed buffer overflow found by Michael Skladnikiewicz */
+ if (input_code_size > MAX_LWZ_BITS)
+ return -1;
+
if (flag) {
set_code_size = input_code_size;
code_size = set_code_size + 1;
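Review bot: The new guard in LWZReadByte rejects only `input_code_size > MAX_LWZ_BITS`, so a value equal to MAX_LWZ_BITS is still accepted. The context line below then sets `code_size = set_code_size + 1`, which is one bit wider than the limit the `stack` array is sized from. Whether the rest of the decoder bounds every table index in that boundary case cannot be judged from this hunk, since the function body continues outside it; it is worth confirming against the full function. The added comment credits the reporter but does not say what is being checked, so something like `/* reject LZW code sizes larger than the decoder tables support */` would help the next reader. The callers' handling of the `-1` return is also outside the hunk and should be checked to treat it as a decode error.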