snailed
/
void-packages
2
0
Fork 0
Code Issues 1 Pull Requests 1 Actions Activity

libpgf: fix CVE-2015-6673

This commit is contained in:
maxice8 2018-10-02 15:46:16 -03:00 committed by maxice8
parent af3969db07
commit 62cb04acc2
2 changed files with 105 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

97
srcpkgs/libpgf/patches/CVE-2015-6673.patch Normal file
View File

@ -0,0 +1,97 @@
--- libpgf-6.14.12.orig/include/PGFimage.h
+++ libpgf-6.14.12/include/PGFimage.h
@@ -538,7 +538,7 @@
ProgressMode m_progressMode; ///< progress mode used in Read and Write; PM_Relative is default mode
void ComputeLevels();
- void CompleteHeader();
+ bool CompleteHeader();
void RgbToYuv(int pitch, UINT8* rgbBuff, BYTE bpp, int channelMap[], CallbackPtr cb, void *data) THROW_;
void Downsample(int nChannel);
UINT32 UpdatePostHeaderSize() THROW_;
--- libpgf-6.14.12.orig/src/PGFimage.cpp
+++ libpgf-6.14.12/src/PGFimage.cpp
@@ -145,7 +145,7 @@
m_height[0] = m_header.height;
// complete header
- CompleteHeader();
+ if (!CompleteHeader()) ReturnWithError(FormatCannotRead);
// interpret quant parameter
if (m_header.quality > DownsampleThreshold &&
@@ -205,7 +205,7 @@
}
////////////////////////////////////////////////////////////
-void CPGFImage::CompleteHeader() {
+bool CPGFImage::CompleteHeader() {
if (m_header.mode == ImageModeUnknown) {
// undefined mode
switch(m_header.bpp) {
@@ -261,20 +261,21 @@
// change mode
m_header.mode = ImageModeRGBA;
}
- ASSERT(m_header.mode != ImageModeBitmap || m_header.bpp == 1);
- ASSERT(m_header.mode != ImageModeIndexedColor || m_header.bpp == 8);
- ASSERT(m_header.mode != ImageModeGrayScale || m_header.bpp == 8);
- ASSERT(m_header.mode != ImageModeGray16 || m_header.bpp == 16);
- ASSERT(m_header.mode != ImageModeGray32 || m_header.bpp == 32);
- ASSERT(m_header.mode != ImageModeRGBColor || m_header.bpp == 24);
- ASSERT(m_header.mode != ImageModeRGBA || m_header.bpp == 32);
- ASSERT(m_header.mode != ImageModeRGB12 || m_header.bpp == 12);
- ASSERT(m_header.mode != ImageModeRGB16 || m_header.bpp == 16);
- ASSERT(m_header.mode != ImageModeRGB48 || m_header.bpp == 48);
- ASSERT(m_header.mode != ImageModeLabColor || m_header.bpp == 24);
- ASSERT(m_header.mode != ImageModeLab48 || m_header.bpp == 48);
- ASSERT(m_header.mode != ImageModeCMYKColor || m_header.bpp == 32);
- ASSERT(m_header.mode != ImageModeCMYK64 || m_header.bpp == 64);
+
+ if (m_header.mode == ImageModeBitmap && m_header.bpp != 1) return false;
+ if (m_header.mode == ImageModeIndexedColor && m_header.bpp != 8) return false;
+ if (m_header.mode == ImageModeGrayScale && m_header.bpp != 8) return false;
+ if (m_header.mode == ImageModeGray16 && m_header.bpp != 16) return false;
+ if (m_header.mode == ImageModeGray32 && m_header.bpp != 32) return false;
+ if (m_header.mode == ImageModeRGBColor && m_header.bpp != 24) return false;
+ if (m_header.mode == ImageModeRGBA && m_header.bpp != 32) return false;
+ if (m_header.mode == ImageModeRGB12 && m_header.bpp != 12) return false;
+ if (m_header.mode == ImageModeRGB16 && m_header.bpp != 16) return false;
+ if (m_header.mode == ImageModeRGB48 && m_header.bpp != 48) return false;
+ if (m_header.mode == ImageModeLabColor && m_header.bpp != 24) return false;
+ if (m_header.mode == ImageModeLab48 && m_header.bpp != 48) return false;
+ if (m_header.mode == ImageModeCMYKColor && m_header.bpp != 32) return false;
+ if (m_header.mode == ImageModeCMYK64 && m_header.bpp != 64) return false;
// set number of channels
if (!m_header.channels) {
@@ -300,8 +301,7 @@
m_header.channels = 4;
break;
default:
- ASSERT(false);
- m_header.channels = 3;
+ return false;
}
}
@@ -311,6 +311,8 @@
if (!m_header.usedBitsPerChannel || m_header.usedBitsPerChannel > bpc) {
m_header.usedBitsPerChannel = bpc;
}
+
+ return true;
}
//////////////////////////////////////////////////////////////////////
--- libpgf-6.14.12.orig/src/Decoder.cpp
+++ libpgf-6.14.12/src/Decoder.cpp
@@ -158,7 +158,7 @@
if (size > 0) {
// read post-header
if (header.mode == ImageModeIndexedColor) {
- ASSERT((size_t)size >= ColorTableSize);
+ if (size < ColorTableSize) ReturnWithError(FormatCannotRead);
// read color table
count = expected = ColorTableSize;
m_stream->Read(&count, postHeader.clut);

17
srcpkgs/libpgf/template
View File

@ -1,18 +1,17 @@
# Template file for 'libpgf' # Template file for 'libpgf'
# vim: set ts=4 sw=4 sts=4 et:
pkgname=libpgf pkgname=libpgf
version=6.14.12 version=6.14.12
revision=2 revision=3
maintainer="Carlo Dormeletti <carloDOTdormelettiATaliceDOTit>" patch_args="-Np1"
homepage="http://www.libpgf.org" wrksrc="$pkgname"
license="LGPL-2.1"
short_desc="Library for working with PGF (Progresive Graphics File) images"
build_style=gnu-configure build_style=gnu-configure
hostmakedepends="automake libtool" hostmakedepends="automake libtool"
short_desc="Library for working with PGF (Progresive Graphics File) images"
maintainer="Orphaned <orphan@voidlinux.eu>"
license="LGPL-2.1-or-later"
homepage="http://www.libpgf.org"
distfiles="${SOURCEFORGE_SITE}/${pkgname}/${pkgname}/${version}-latest/${pkgname}-src-${version}.tar.gz" distfiles="${SOURCEFORGE_SITE}/${pkgname}/${pkgname}/${version}-latest/${pkgname}-src-${version}.tar.gz"
checksum="bda5995d80762966a25fca3f6a9821f4458657aa87d8631c014c166ae09258eb" checksum=bda5995d80762966a25fca3f6a9821f4458657aa87d8631c014c166ae09258eb
wrksrc="${pkgname}"
pre_configure() { pre_configure() {
sed -i 's/\r//g' configure.ac sed -i 's/\r//g' configure.ac