pool/gdk-pixbuf
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
gdk-pixbuf/gdk-pixbuf-bgo768484-ico-set-errors.patch
Bjørn Lie 7eea91dac6 Accepting request 424115 from home:zhangxiaofei:branches:GNOME:Factory 
- Add fixes for some crashes, taken from upstream git (bsc#988745
  bsc#991450 CVE-2016-6352):
  gdk-pixbuf-bgo768688-bmp-overflow.patch
  gdk-pixbuf-bgo768484-ico-set-errors.patch
  gdk-pixbuf-bgo769738-bmp-overflow.patch
  gdk-pixbuf-bgo769170-ico-headers.patch

OBS-URL: https://build.opensuse.org/request/show/424115
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/gdk-pixbuf?expand=0&rev=111
2016-09-01 09:33:46 +00:00

53 lines
1.9 KiB
Diff
Raw Blame History

From 0cff83e985fba5350695c00ed1ac30fc31ec5960 Mon Sep 17 00:00:00 2001
From: Hanno Boeck <hanno@hboeck.de>
Date: Wed, 6 Jul 2016 13:05:00 +0000
Subject: [PATCH] ico: Always set errors
When the ico header turn out to be bad, always set an
error when we fail. Otherwise, applications will get
confused.
This commit also adds an example image with a bad ico header.
https://bugzilla.gnome.org/show_bug.cgi?id=768484
---
gdk-pixbuf/io-ico.c | 14 ++++++++++++--
tests/test-images/randomly-modified/bad-header.ico | Bin 0 -> 6 bytes
2 files changed, 12 insertions(+), 2 deletions(-)
create mode 100644 tests/test-images/randomly-modified/bad-header.ico
diff --git a/gdk-pixbuf/io-ico.c b/gdk-pixbuf/io-ico.c
index 86714af..82d3e4e 100644
--- a/gdk-pixbuf/io-ico.c
+++ b/gdk-pixbuf/io-ico.c
@@ -258,8 +258,13 @@ static void DecodeHeader(guchar *Data, gint Bytes,
State->HeaderBuf = tmp;
State->BytesInHeaderBuf = State->HeaderSize;
}
- if (Bytes < State->HeaderSize)
+ if (Bytes < State->HeaderSize) {
+ g_set_error_literal (error,
+ GDK_PIXBUF_ERROR,
+ GDK_PIXBUF_ERROR_CORRUPT_IMAGE,
+ _("Not enough bytes for header"));
return;
+ }
/* Now iterate through the ICONDIRENTRY structures, and sort them by
* which one we think is "best" (essentially the largest) */
@@ -399,8 +404,13 @@ static void DecodeHeader(guchar *Data, gint Bytes,
State->HeaderBuf = tmp;
State->BytesInHeaderBuf = State->HeaderSize;
}
- if (Bytes < State->HeaderSize)
+ if (Bytes < State->HeaderSize) {
+ g_set_error_literal (error,
+ GDK_PIXBUF_ERROR,
+ GDK_PIXBUF_ERROR_CORRUPT_IMAGE,
+ _("Not enough bytes for header"));
return;
+ }
/* Negative heights mean top-down pixel-order */
if (State->Header.height < 0) {
Reference in New Issue View Git Blame Copy Permalink