From e3eaf92ca6a3e95380f4d45a01bfc764c695b68f8c6afdd5deaab394367b39ac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=98=D0=BB=D1=8C=D1=8F=20=D0=98=D0=BD=D0=B4=D0=B8=D0=B3?= =?UTF-8?q?=D0=BE?= Date: Wed, 27 Apr 2022 10:21:04 +0000 Subject: [PATCH] Accepting request 973060 from home:jmoellers:branches:multimedia:libs OBS-URL: https://build.opensuse.org/request/show/973060 OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/libcaca?expand=0&rev=62 --- ...y-handle-zero-width-or-height-images.patch | 28 +++++++++++++++++++ libcaca.changes | 9 ++++++ libcaca.spec | 5 +++- 3 files changed, 41 insertions(+), 1 deletion(-) create mode 100644 bsc1197028-correctly-handle-zero-width-or-height-images.patch diff --git a/bsc1197028-correctly-handle-zero-width-or-height-images.patch b/bsc1197028-correctly-handle-zero-width-or-height-images.patch new file mode 100644 index 0000000..7fa1fdc --- /dev/null +++ b/bsc1197028-correctly-handle-zero-width-or-height-images.patch @@ -0,0 +1,28 @@ +Index: libcaca-da28e9684ef445ac8d42745644336b8a75c01855/src/img2txt.c +=================================================================== +--- libcaca-da28e9684ef445ac8d42745644336b8a75c01855.orig/src/img2txt.c ++++ libcaca-da28e9684ef445ac8d42745644336b8a75c01855/src/img2txt.c +@@ -177,7 +177,13 @@ int main(int argc, char **argv) + } + + /* Assume a 6×10 font */ +- if(!cols && !lines) ++ if(!i->w || !i->h) ++ { ++ fprintf(stderr, "%s: image size is 0\n", argv[0]); ++ lines = 0; ++ cols = 0; ++ } ++ else if(!cols && !lines) + { + cols = 60; + lines = cols * i->h * font_width / i->w / font_height; +@@ -214,7 +220,7 @@ int main(int argc, char **argv) + export = caca_export_canvas_to_memory(cv, format?format:"ansi", &len); + if(!export) + { +- fprintf(stderr, "%s: Can't export to format '%s'\n", argv[0], format); ++ fprintf(stderr, "%s: Can't export to format '%s'\n", argv[0], format?format:"ansi"); + } + else + { diff --git a/libcaca.changes b/libcaca.changes index ff26785..4a3b463 100644 --- a/libcaca.changes +++ b/libcaca.changes @@ -1,3 +1,12 @@ +------------------------------------------------------------------- +Mon Mar 14 13:36:16 UTC 2022 - Josef Möllers + +- When a zero-width or zero-height image is given, a divide-by-zero + occurs. This patch checks for this and produces a zero-sized + output. + [bsc1197028-correctly-handle-zero-width-or-height-images.patch, + CVE-2022-0856, bsc#1197028] + ------------------------------------------------------------------- Fri Apr 16 15:57:48 UTC 2021 - Josef Möllers diff --git a/libcaca.spec b/libcaca.spec index 3c05354..fdfe839 100644 --- a/libcaca.spec +++ b/libcaca.spec @@ -1,7 +1,7 @@ # # spec file for package libcaca # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -39,6 +39,8 @@ Patch12: Bug1120502-add_cast_to_prevent_overflow.patch Patch13: Bug1143286_libcaca_configure_ac_chg_for_lto.patch Patch14: libcaca-bsc1182731-prevent-overflow.patch Patch99: bsc1184751-add-space-for-NUL-byte.patch +# PATCH-FIX-UPSTREAM correctly-handle-zero-width-or-height-images.patch bsc#1197028 +Patch100: bsc1197028-correctly-handle-zero-width-or-height-images.patch BuildRequires: doxygen BuildRequires: fdupes BuildRequires: freeglut-devel @@ -146,6 +148,7 @@ drawing, triangle filling and sprite blitting. %patch13 -p1 %patch14 -p1 %patch99 -p1 +%patch100 -p1 RUBY="ruby-`echo %{rb_ver} | sed 's|\.[^\.]*$||'`" find . -type f -exec sed -i "s|ruby-1.9|$RUBY|" \{\} \; pushd python