packages/libwebp
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

add missing patch

Browse Source 
(cherry picked from commit d4e20cacba02b5729a854d50c43bb593fa2e4a8d)
This commit is contained in:
zhouwenpei 2023-09-26 03:47:05 +00:00 committed by openeuler-sync-bot
parent 80b8cf72ef
commit 4250e27520
3 changed files with 51 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

0
cve-2023-4863.patch → backport-0001-CVE-2023-4863.patch
View File

45
backport-0002-CVE-2023-4863.patch Normal file
View File

@ -0,0 +1,45 @@
From 95ea5226c870449522240ccff26f0b006037c520 Mon Sep 17 00:00:00 2001
From: Vincent Rabaud <vrabaud@google.com>
Date: Mon, 11 Sep 2023 16:06:08 +0200
Subject: [PATCH] Fix invalid incremental decoding check.
The first condition is only necessary if we have not read enough
(enough being defined by src_last, not src_end which is the end
of the image).
The second condition now fits the comment below: "if not
incremental, and we are past the end of buffer".
BUG=oss-fuzz:62136
Change-Id: I0700f67c62db8e1c02c2e429a069a71e606a5e4f
---
src/dec/vp8l_dec.c | 15 +++++++++++++--
1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/src/dec/vp8l_dec.c b/src/dec/vp8l_dec.c
index 5ab34f56c..809b1aa98 100644
--- a/src/dec/vp8l_dec.c
+++ b/src/dec/vp8l_dec.c
@@ -1233,9 +1233,20 @@ static int DecodeImageData(VP8LDecoder* const dec, uint32_t* const data,
}
br->eos_ = VP8LIsEndOfStream(br);
- if (dec->incremental_ && br->eos_ && src < src_end) {
+ // In incremental decoding:
+ // br->eos_ && src < src_last: if 'br' reached the end of the buffer and
+ // 'src_last' has not been reached yet, there is not enough data. 'dec' has to
+ // be reset until there is more data.
+ // !br->eos_ && src < src_last: this cannot happen as either the buffer is
+ // fully read, either enough has been read to reach 'src_last'.
+ // src >= src_last: 'src_last' is reached, all is fine. 'src' can actually go
+ // beyond 'src_last' in case the image is cropped and an LZ77 goes further.
+ // The buffer might have been enough or there is some left. 'br->eos_' does
+ // not matter.
+ assert(!dec->incremental_ || (br->eos_ && src < src_last) || src >= src_last);
+ if (dec->incremental_ && br->eos_ && src < src_last) {
RestoreState(dec);
- } else if (!br->eos_) {
+ } else if ((dec->incremental_ && src >= src_last) || !br->eos_) {
// Process the remaining rows corresponding to last row-block.
if (process_func != NULL) {
process_func(dec, row > last_row ? last_row : row);

8
libwebp.spec
View File

@ -1,6 +1,6 @@
Name: libwebp
Version: 1.2.1
Release: 4
Release: 5
URL: http://www.linuxfromscratch.org/blfs/view/svn/general/libwebp.html
Summary: Library and tools for the WebP graphics format
License: BSD
@ -8,7 +8,8 @@ Source0: http://downloads.webmproject.org/releases/webp/%{name}-%{version}
Patch6000: libwebp-freeglut.patch
Patch6001: backport-CVE-2023-1999.patch
Patch6002: cve-2023-4863.patch
Patch6002: backport-0001-CVE-2023-4863.patch
Patch6003: backport-0002-CVE-2023-4863.patch
BuildRequires: libjpeg-devel libpng-devel giflib-devel libtiff-devel
BuildRequires: java-devel jpackage-utils swig freeglut-devel
@ -113,6 +114,9 @@ cp swig/*.jar swig/*.so %{buildroot}/%{_libdir}/%{name}-java/
%{_mandir}/man*/*
%changelog
* Tue Sep 26 2023 zhouwenpei <zhouwenpei1@h-partners.com> - 1.2.1-5
- add missing patch
* Fri Sep 15 2023 Funda Wang <fundawang@yeah.net> - 1.2.1-4
- fix cve-2023-4863