libpgf: fix CVE-2015-6673
This commit is contained in:
maxice8
maxice8
parent
af3969db07
commit
62cb04acc2
|
|
@ -0,0 +1,97 @@
|
|||
--- libpgf-6.14.12.orig/include/PGFimage.h
|
||||
+++ libpgf-6.14.12/include/PGFimage.h
|
||||
@@ -538,7 +538,7 @@
|
||||
ProgressMode m_progressMode; ///< progress mode used in Read and Write; PM_Relative is default mode
|
||||
|
||||
void ComputeLevels();
|
||||
- void CompleteHeader();
|
||||
+ bool CompleteHeader();
|
||||
void RgbToYuv(int pitch, UINT8* rgbBuff, BYTE bpp, int channelMap[], CallbackPtr cb, void *data) THROW_;
|
||||
void Downsample(int nChannel);
|
||||
UINT32 UpdatePostHeaderSize() THROW_;
|
||||
--- libpgf-6.14.12.orig/src/PGFimage.cpp
|
||||
+++ libpgf-6.14.12/src/PGFimage.cpp
|
||||
@@ -145,7 +145,7 @@
|
||||
m_height[0] = m_header.height;
|
||||
|
||||
// complete header
|
||||
- CompleteHeader();
|
||||
+ if (!CompleteHeader()) ReturnWithError(FormatCannotRead);
|
||||
|
||||
// interpret quant parameter
|
||||
if (m_header.quality > DownsampleThreshold &&
|
||||
@@ -205,7 +205,7 @@
|
||||
}
|
||||
|
||||
////////////////////////////////////////////////////////////
|
||||
-void CPGFImage::CompleteHeader() {
|
||||
+bool CPGFImage::CompleteHeader() {
|
||||
if (m_header.mode == ImageModeUnknown) {
|
||||
// undefined mode
|
||||
switch(m_header.bpp) {
|
||||
@@ -261,20 +261,21 @@
|
||||
// change mode
|
||||
m_header.mode = ImageModeRGBA;
|
||||
}
|
||||
- ASSERT(m_header.mode != ImageModeBitmap || m_header.bpp == 1);
|
||||
- ASSERT(m_header.mode != ImageModeIndexedColor || m_header.bpp == 8);
|
||||
- ASSERT(m_header.mode != ImageModeGrayScale || m_header.bpp == 8);
|
||||
- ASSERT(m_header.mode != ImageModeGray16 || m_header.bpp == 16);
|
||||
- ASSERT(m_header.mode != ImageModeGray32 || m_header.bpp == 32);
|
||||
- ASSERT(m_header.mode != ImageModeRGBColor || m_header.bpp == 24);
|
||||
- ASSERT(m_header.mode != ImageModeRGBA || m_header.bpp == 32);
|
||||
- ASSERT(m_header.mode != ImageModeRGB12 || m_header.bpp == 12);
|
||||
- ASSERT(m_header.mode != ImageModeRGB16 || m_header.bpp == 16);
|
||||
- ASSERT(m_header.mode != ImageModeRGB48 || m_header.bpp == 48);
|
||||
- ASSERT(m_header.mode != ImageModeLabColor || m_header.bpp == 24);
|
||||
- ASSERT(m_header.mode != ImageModeLab48 || m_header.bpp == 48);
|
||||
- ASSERT(m_header.mode != ImageModeCMYKColor || m_header.bpp == 32);
|
||||
- ASSERT(m_header.mode != ImageModeCMYK64 || m_header.bpp == 64);
|
||||
+
|
||||
+ if (m_header.mode == ImageModeBitmap && m_header.bpp != 1) return false;
|
||||
+ if (m_header.mode == ImageModeIndexedColor && m_header.bpp != 8) return false;
|
||||
+ if (m_header.mode == ImageModeGrayScale && m_header.bpp != 8) return false;
|
||||
+ if (m_header.mode == ImageModeGray16 && m_header.bpp != 16) return false;
|
||||
+ if (m_header.mode == ImageModeGray32 && m_header.bpp != 32) return false;
|
||||
+ if (m_header.mode == ImageModeRGBColor && m_header.bpp != 24) return false;
|
||||
+ if (m_header.mode == ImageModeRGBA && m_header.bpp != 32) return false;
|
||||
+ if (m_header.mode == ImageModeRGB12 && m_header.bpp != 12) return false;
|
||||
+ if (m_header.mode == ImageModeRGB16 && m_header.bpp != 16) return false;
|
||||
+ if (m_header.mode == ImageModeRGB48 && m_header.bpp != 48) return false;
|
||||
+ if (m_header.mode == ImageModeLabColor && m_header.bpp != 24) return false;
|
||||
+ if (m_header.mode == ImageModeLab48 && m_header.bpp != 48) return false;
|
||||
+ if (m_header.mode == ImageModeCMYKColor && m_header.bpp != 32) return false;
|
||||
+ if (m_header.mode == ImageModeCMYK64 && m_header.bpp != 64) return false;
|
||||
|
||||
// set number of channels
|
||||
if (!m_header.channels) {
|
||||
@@ -300,8 +301,7 @@
|
||||
m_header.channels = 4;
|
||||
break;
|
||||
default:
|
||||
- ASSERT(false);
|
||||
- m_header.channels = 3;
|
||||
+ return false;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -311,6 +311,8 @@
|
||||
if (!m_header.usedBitsPerChannel || m_header.usedBitsPerChannel > bpc) {
|
||||
m_header.usedBitsPerChannel = bpc;
|
||||
}
|
||||
+
|
||||
+ return true;
|
||||
}
|
||||
|
||||
//////////////////////////////////////////////////////////////////////
|
||||
--- libpgf-6.14.12.orig/src/Decoder.cpp
|
||||
+++ libpgf-6.14.12/src/Decoder.cpp
|
||||
@@ -158,7 +158,7 @@
|
||||
if (size > 0) {
|
||||
// read post-header
|
||||
if (header.mode == ImageModeIndexedColor) {
|
||||
- ASSERT((size_t)size >= ColorTableSize);
|
||||
+ if (size < ColorTableSize) ReturnWithError(FormatCannotRead);
|
||||
// read color table
|
||||
count = expected = ColorTableSize;
|
||||
m_stream->Read(&count, postHeader.clut);
|
||||
|
|
@ -1,18 +1,17 @@
|
|||
# Template file for 'libpgf'
|
||||
# vim: set ts=4 sw=4 sts=4 et:
|
||||
|
||||
pkgname=libpgf
|
||||
version=6.14.12
|
||||
revision=2
|
||||
maintainer="Carlo Dormeletti <carloDOTdormelettiATaliceDOTit>"
|
||||
homepage="http://www.libpgf.org"
|
||||
license="LGPL-2.1"
|
||||
short_desc="Library for working with PGF (Progresive Graphics File) images"
|
||||
revision=3
|
||||
patch_args="-Np1"
|
||||
wrksrc="$pkgname"
|
||||
build_style=gnu-configure
|
||||
hostmakedepends="automake libtool"
|
||||
short_desc="Library for working with PGF (Progresive Graphics File) images"
|
||||
maintainer="Orphaned <orphan@voidlinux.eu>"
|
||||
license="LGPL-2.1-or-later"
|
||||
homepage="http://www.libpgf.org"
|
||||
distfiles="${SOURCEFORGE_SITE}/${pkgname}/${pkgname}/${version}-latest/${pkgname}-src-${version}.tar.gz"
|
||||
checksum="bda5995d80762966a25fca3f6a9821f4458657aa87d8631c014c166ae09258eb"
|
||||
wrksrc="${pkgname}"
|
||||
checksum=bda5995d80762966a25fca3f6a9821f4458657aa87d8631c014c166ae09258eb
|
||||
|
||||
pre_configure() {
|
||||
sed -i 's/\r//g' configure.ac
|
||||
|
|
|
|||
Loading…
Reference in New Issue