Accepting request 1113927 from home:AndreasStieger:branches:graphics
- Add 0001-Fix-invalid-incremental-decoding-check.patch A fuzzing finding fixed in the SLE/Leap updates OBS-URL: https://build.opensuse.org/request/show/1113927 OBS-URL: https://build.opensuse.org/package/show/graphics/libwebp?expand=0&rev=41
parent
005cc750f2
commit
7b36c92552
48
0001-Fix-invalid-incremental-decoding-check.patch
Normal file
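--- a/0001-Fix-invalid-incremental-decoding-check.patch
+++ b/0001-Fix-invalid-incremental-decoding-check.patch
@@ -0,0 +1,48 @@
+From 95ea5226c870449522240ccff26f0b006037c520 Mon Sep 17 00:00:00 2001
+From: Vincent Rabaud <vrabaud@google.com>
+Date: Mon, 11 Sep 2023 16:06:08 +0200
+Subject: [PATCH] Fix invalid incremental decoding check.
+
+The first condition is only necessary if we have not read enough
+(enough being defined by src_last, not src_end which is the end
+of the image).
+The second condition now fits the comment below: "if not
+incremental, and we are past the end of buffer".
+
+BUG=oss-fuzz:62136
+
+Change-Id: I0700f67c62db8e1c02c2e429a069a71e606a5e4f
+---
+src/dec/vp8l_dec.c | 15 +++++++++++++--
+1 file changed, 13 insertions(+), 2 deletions(-)
+
+diff --git a/src/dec/vp8l_dec.c b/src/dec/vp8l_dec.c
+index 5ab34f56..809b1aa9 100644
+--- a/src/dec/vp8l_dec.c
++++ b/src/dec/vp8l_dec.c
+@@ -1233,9 +1233,20 @@ static int DecodeImageData(VP8LDecoder* const dec, uint32_t* const data,
+}
+
+br->eos_ = VP8LIsEndOfStream(br);
+- if (dec->incremental_ && br->eos_ && src < src_end) {
++ // In incremental decoding:
++ // br->eos_ && src < src_last: if 'br' reached the end of the buffer and
++ // 'src_last' has not been reached yet, there is not enough data. 'dec' has to
++ // be reset until there is more data.
++ // !br->eos_ && src < src_last: this cannot happen as either the buffer is
++ // fully read, either enough has been read to reach 'src_last'.
++ // src >= src_last: 'src_last' is reached, all is fine. 'src' can actually go
++ // beyond 'src_last' in case the image is cropped and an LZ77 goes further.
++ // The buffer might have been enough or there is some left. 'br->eos_' does
++ // not matter.
++ assert(!dec->incremental_ || (br->eos_ && src < src_last) || src >= src_last);
++ if (dec->incremental_ && br->eos_ && src < src_last) {
+RestoreState(dec);
+- } else if (!br->eos_) {
++ } else if ((dec->incremental_ && src >= src_last) || !br->eos_) {
+// Process the remaining rows corresponding to last row-block.
+if (process_func != NULL) {
+process_func(dec, row > last_row ? last_row : row);
+--
+2.41.0
+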
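Review bot: The added `assert(!dec->incremental_ || (br->eos_ && src < src_last) || src >= src_last);` is the only guard against the state the comment calls impossible (`!br->eos_ && src < src_last` in incremental mode), and `assert` is normally compiled out of release builds with NDEBUG. In such a build that state would fall through to the `else if (... || !br->eos_)` branch and call `process_func` on the remaining rows, so for a fuzzing-derived fix it is worth confirming with upstream that the decode loop above really excludes it. A short comment on the assert would make the dependency explicit, e.g. `// Debug-only check: release builds rely on the decode loop guaranteeing this.` The comment's "either the buffer is fully read, either enough has been read" should read "either ... or ...". DecodeImageData starts and ends outside the hunk, so the loop exit conditions are not visible here.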
@ -1,3 +1,9 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Sep 27 20:37:54 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>
|
||||||
|
|
||||||
|
- Add 0001-Fix-invalid-incremental-decoding-check.patch
|
||||||
|
A fuzzing finding fixed in the SLE/Leap updates
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Sep 15 07:37:46 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>
|
Fri Sep 15 07:37:46 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>
|
||||||
|
|
||||||
|
@ -29,6 +29,9 @@ Source2: https://storage.googleapis.com/downloads.webmproject.org/release
|
|||||||
Source3: %name.keyring
|
Source3: %name.keyring
|
||||||
Source4: baselibs.conf
|
Source4: baselibs.conf
|
||||||
|
|
||||||
|
# PATCH-FIX-UPSTREAM 0001-Fix-invalid-incremental-decoding-check.patch boo#1215231 CVE-2023-4863 xwang@suse.com -- Fix invalid incremental decoding check
|
||||||
|
Patch2: 0001-Fix-invalid-incremental-decoding-check.patch
|
||||||
|
|
||||||
BuildRequires: giflib-devel
|
BuildRequires: giflib-devel
|
||||||
BuildRequires: pkgconfig
|
BuildRequires: pkgconfig
|
||||||
BuildRequires: pkgconfig(glut)
|
BuildRequires: pkgconfig(glut)
|
||||||
|
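Review bot: The `# PATCH-FIX-UPSTREAM` comment ties this patch to boo#1215231 and CVE-2023-4863, while the patch's own header cites only `BUG=oss-fuzz:62136` and the accompanying changelog entry names neither reference. These three records should agree so that the fix can be traced during an audit: add the bug and CVE references to the changelog entry, or, if this is a follow-up correction rather than the CVE fix itself, say so in the comment. The hunk only declares `Patch2:`; the `%prep` section is outside it, so confirm the patch is actually applied there (an explicit `%patch` line is needed unless the spec uses `%autosetup` or `%autopatch`).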