packages/gdk-pixbuf2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix CVE-2021-44648

Browse Source 
(cherry picked from commit a1ef744fc48c49252a242be5f8f955b61905f976)
This commit is contained in:
zhangpan 2023-06-20 11:15:28 +00:00 committed by openeuler-sync-bot
parent eb536102b4
commit 1e74b1cf54
3 changed files with 47 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
backport-CVE-2021-44648.patch Normal file
View File

@ -0,0 +1,40 @@
From 19ebba03117aefc9d0312f675f3a210ffdcc4907 Mon Sep 17 00:00:00 2001
From: Robert Ancell <Robert Ancell @robert.ancell>
Date: Tue, 24 May 2022 14:36:15 +0800
Subject: [PATCH] Fix overflow when reading GIF images with invalid LZW initial code size.
Conflict:NA
Reference:https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/merge_requests/130/diffs?commit_id=19ebba03117aefc9d0312f675f3a210ffdcc4907
---
gdk-pixbuf/io-gif.c | 2 +-
gdk-pixbuf/lzw.c | 2 ++
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/gdk-pixbuf/io-gif.c b/gdk-pixbuf/io-gif.c
index 1befba1..3d2a7a9 100644
--- a/gdk-pixbuf/io-gif.c
+++ b/gdk-pixbuf/io-gif.c
@@ -500,7 +500,7 @@ gif_prepare_lzw (GifContext *context)
return -1;
}
- if (context->lzw_set_code_size > 12) {
+ if (context->lzw_set_code_size >= 12) {
g_set_error_literal (context->error,
GDK_PIXBUF_ERROR,
GDK_PIXBUF_ERROR_CORRUPT_IMAGE,
diff --git a/gdk-pixbuf/lzw.c b/gdk-pixbuf/lzw.c
index 105daf2..f3fae17 100644
--- a/gdk-pixbuf/lzw.c
+++ b/gdk-pixbuf/lzw.c
@@ -121,6 +121,8 @@ lzw_decoder_new (guint8 code_size)
LZWDecoder *self;
int i;
+ g_return_val_if_fail (code_size <= LZW_CODE_MAX, NULL);
+
self = g_object_new (lzw_decoder_get_type (), NULL);
self->min_code_size = code_size;
--
2.27.0

8
gdk-pixbuf2.spec
View File

@ -2,13 +2,15 @@
Name: gdk-pixbuf2
Version: 2.42.6
Release: 4
Release: 5
Summary: gdk is a multi-platform toolkit for creating graphical user interfaces.
License: LGPLv2+
URL: https://gitlab.gnome.org/GNOME/gdk-pixbuf
Source0: https://download-fallback.gnome.org/sources/gdk-pixbuf/2.42/gdk-pixbuf-%{version}.tar.xz
Source1: invalid-colors.gif
Patch6000: backport-CVE-2021-46829.patch
Patch6001: backport-CVE-2021-44648.patch
BuildRequires: docbook-style-xsl
BuildRequires: gettext
@ -65,6 +67,7 @@ developing applications that uses gdk-pixbuf2 xlib and test.
%prep
%autosetup -n gdk-pixbuf-%{version} -p1
cp %{SOURCE1} ./tests/test-images/gif-test-suite/invalid-colors.gif
%build
%meson \
@ -130,6 +133,9 @@ gdk-pixbuf-query-loaders-%{__isa_bits} --update-cache
%{_mandir}/man1/gdk-pixbuf-csource.1*
%changelog
* Tue Jun 20 2023 zhangpan <zhangpan103@h-partners.com> - 2.42.6-5
- fix CVE-2021-44648
* Thu Aug 25 2022 wangkerong <wangkerong@h-partners.com> - 2.42.6-4
- fix CVE-2021-46829

BIN
invalid-colors.gif Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 35 B