From ad457af9653ec7ce60fcc7071837f796ae94db208833af52507e45429f27b00d Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Mon, 27 Jul 2020 12:02:14 +0000 Subject: [PATCH] Accepting request 822927 from home:zcjia:branches:GNOME:Factory - Add gdk-pixbuf-boo1174307-io-gif-overflow.patch: Avoid overflows by checking the memset length argument (boo#1174307). - Raise dependency glib-2.0 version. OBS-URL: https://build.opensuse.org/request/show/822927 OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/gdk-pixbuf?expand=0&rev=169 --- gdk-pixbuf-boo1174307-io-gif-overflow.patch | 36 +++++++++++++++++++++ gdk-pixbuf.changes | 7 ++++ gdk-pixbuf.spec | 6 +++- 3 files changed, 48 insertions(+), 1 deletion(-) create mode 100644 gdk-pixbuf-boo1174307-io-gif-overflow.patch
diff --git a/gdk-pixbuf-boo1174307-io-gif-overflow.patch b/gdk-pixbuf-boo1174307-io-gif-overflow.patch
new file mode 100644
index 0000000..199b1a3
--- /dev/null
+++ b/gdk-pixbuf-boo1174307-io-gif-overflow.patch
@@ -0,0 +1,36 @@
+From 43ec8f286e3d499d82735c16bbca83d7a1c03efa Mon Sep 17 00:00:00 2001
+From: Emmanuele Bassi
+Date: Wed, 1 Apr 2020 18:11:55 +0100
+Subject: [PATCH] Check the memset length argument
+
+Avoid overflows by using the checked multiplication macro for gsize.
+
+Fixes: #132
+---
+ gdk-pixbuf/io-gif-animation.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/gdk-pixbuf/io-gif-animation.c b/gdk-pixbuf/io-gif-animation.c
+index a3155e065..d74296337 100644
+--- a/gdk-pixbuf/io-gif-animation.c
++++ b/gdk-pixbuf/io-gif-animation.c
+@@ -411,11 +411,15 @@ gdk_pixbuf_gif_anim_iter_get_pixbuf (GdkPixbufAnimationIter *anim_iter)
+
+ /* If no rendered frame, render the first frame */
+ if (anim->last_frame == NULL) {
++ gsize len = 0;
+ if (anim->last_frame_data == NULL)
+ anim->last_frame_data = gdk_pixbuf_new (GDK_COLORSPACE_RGB, TRUE, 8, anim->width, anim->height);
+ if (anim->last_frame_data == NULL)
+ return NULL;
+- memset (gdk_pixbuf_get_pixels (anim->last_frame_data), 0, gdk_pixbuf_get_rowstride (anim->last_frame_data) * anim->height);
++ if (g_size_checked_mul (&len, gdk_pixbuf_get_rowstride (anim->last_frame_data), anim->height))
++ memset (gdk_pixbuf_get_pixels (anim->last_frame_data), 0, len);
++ else
++ return NULL;
+ composite_frame (anim, g_list_nth_data (anim->frames, 0));
+ }
+
+--
+GitLab
+
diff --git a/gdk-pixbuf.changes b/gdk-pixbuf.changes
index bc1f23d..bd85359 100644
--- a/gdk-pixbuf.changes
+++ b/gdk-pixbuf.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Mon Jul 27 06:56:15 UTC 2020 - Jia Zhaocong
+
+- Add gdk-pixbuf-boo1174307-io-gif-overflow.patch: Avoid overflows
+ by checking the memset length argument (boo#1174307).
+- Raise dependency glib-2.0 version.
+
 -------------------------------------------------------------------
 Mon Feb 24 01:29:03 UTC 2020 - Yifan Jiang
 
diff --git a/gdk-pixbuf.spec b/gdk-pixbuf.spec
index 047e52a..d320ae4 100644
--- a/gdk-pixbuf.spec
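Review bot: In the new lines of gdk_pixbuf_gif_anim_iter_get_pixbuf the failure case sits in an `else` after the memset, while the two checks just above it return early; writing it as `if (!g_size_checked_mul (&len, gdk_pixbuf_get_rowstride (anim->last_frame_data), anim->height)) return NULL;` followed by an unconditional `memset (gdk_pixbuf_get_pixels (anim->last_frame_data), 0, len);` keeps every failure path in the same guard form. The replaced line multiplied the rowstride by `anim->height` directly, presumably in `int`, and nothing in the new code says so; a comment such as `/* compute the clear length as gsize; the plain product could overflow for large frames */` would record why the checked macro is there. The function starts and ends outside the hunk, so whether other size computations in it need the same treatment cannot be judged from here.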
+++ b/gdk-pixbuf.spec
@@ -37,6 +37,9 @@ Source2: README.SUSE
 Source3: gdk-pixbuf-rpmlintrc
 Source99: baselibs.conf
 
+# PATCH-FIX-UPSTREAM gdk-pixbuf-boo1174307-io-gif-overflow.patch boo#1174307 glgo#GNOME/gdk-pixbuf#132 zcjia@suse.com -- Avoid overflows by checking the memset length argument
+Patch0: gdk-pixbuf-boo1174307-io-gif-overflow.patch
+
 BuildRequires: docbook-xsl-stylesheets
 BuildRequires: gtk-doc
 BuildRequires: libjpeg-devel
@@ -46,7 +49,7 @@ BuildRequires: pkgconfig
 BuildRequires: translation-update-upstream
 BuildRequires: unzip
 BuildRequires: xsltproc
-BuildRequires: pkgconfig(glib-2.0) >= 2.48.0
+BuildRequires: pkgconfig(glib-2.0) >= 2.56.0
 BuildRequires: pkgconfig(gobject-introspection-1.0)
 BuildRequires: pkgconfig(libpng)
 BuildRequires: pkgconfig(x11)
@@ -135,6 +138,7 @@ This package contains the development files for gdk-pixbuf.
 %setup -c -T -q
 unzip -P gecko %{SOURCE0}
 translation-update-upstream
+%patch0 -p1
 %if "%{_lib}" == "lib64"
 cp -a %{SOURCE2} .
 %endif
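Review bot: The raised floor `BuildRequires: pkgconfig(glib-2.0) >= 2.56.0` in the second hunk has no stated reason; the spec carries no comment for it and the changelog entry only says the version was raised. The only GLib symbol the added patch introduces is `g_size_checked_mul`, which to my knowledge is already available with the previous 2.48 floor, so it is unclear from this diff what requires 2.56. A comment above the line, for example `# glib >= 2.56 required by <reason>` with the actual reason filled in, would tell anyone backporting this overflow fix to an older code stream whether the requirement can be relaxed.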