void-packages/srcpkgs/libpgf/patches/CVE-2015-6673.patch

98 lines
3.9 KiB
Diff

--- libpgf-6.14.12.orig/include/PGFimage.h
+++ libpgf-6.14.12/include/PGFimage.h
@@ -538,7 +538,7 @@
ProgressMode m_progressMode; ///< progress mode used in Read and Write; PM_Relative is default mode
void ComputeLevels();
- void CompleteHeader();
+ bool CompleteHeader();
void RgbToYuv(int pitch, UINT8* rgbBuff, BYTE bpp, int channelMap[], CallbackPtr cb, void *data) THROW_;
void Downsample(int nChannel);
UINT32 UpdatePostHeaderSize() THROW_;
--- libpgf-6.14.12.orig/src/PGFimage.cpp
+++ libpgf-6.14.12/src/PGFimage.cpp
@@ -145,7 +145,7 @@
m_height[0] = m_header.height;
// complete header
- CompleteHeader();
+ if (!CompleteHeader()) ReturnWithError(FormatCannotRead);
// interpret quant parameter
if (m_header.quality > DownsampleThreshold &&
@@ -205,7 +205,7 @@
}
////////////////////////////////////////////////////////////
-void CPGFImage::CompleteHeader() {
+bool CPGFImage::CompleteHeader() {
if (m_header.mode == ImageModeUnknown) {
// undefined mode
switch(m_header.bpp) {
@@ -261,20 +261,21 @@
// change mode
m_header.mode = ImageModeRGBA;
}
- ASSERT(m_header.mode != ImageModeBitmap || m_header.bpp == 1);
- ASSERT(m_header.mode != ImageModeIndexedColor || m_header.bpp == 8);
- ASSERT(m_header.mode != ImageModeGrayScale || m_header.bpp == 8);
- ASSERT(m_header.mode != ImageModeGray16 || m_header.bpp == 16);
- ASSERT(m_header.mode != ImageModeGray32 || m_header.bpp == 32);
- ASSERT(m_header.mode != ImageModeRGBColor || m_header.bpp == 24);
- ASSERT(m_header.mode != ImageModeRGBA || m_header.bpp == 32);
- ASSERT(m_header.mode != ImageModeRGB12 || m_header.bpp == 12);
- ASSERT(m_header.mode != ImageModeRGB16 || m_header.bpp == 16);
- ASSERT(m_header.mode != ImageModeRGB48 || m_header.bpp == 48);
- ASSERT(m_header.mode != ImageModeLabColor || m_header.bpp == 24);
- ASSERT(m_header.mode != ImageModeLab48 || m_header.bpp == 48);
- ASSERT(m_header.mode != ImageModeCMYKColor || m_header.bpp == 32);
- ASSERT(m_header.mode != ImageModeCMYK64 || m_header.bpp == 64);
+
+ if (m_header.mode == ImageModeBitmap && m_header.bpp != 1) return false;
+ if (m_header.mode == ImageModeIndexedColor && m_header.bpp != 8) return false;
+ if (m_header.mode == ImageModeGrayScale && m_header.bpp != 8) return false;
+ if (m_header.mode == ImageModeGray16 && m_header.bpp != 16) return false;
+ if (m_header.mode == ImageModeGray32 && m_header.bpp != 32) return false;
+ if (m_header.mode == ImageModeRGBColor && m_header.bpp != 24) return false;
+ if (m_header.mode == ImageModeRGBA && m_header.bpp != 32) return false;
+ if (m_header.mode == ImageModeRGB12 && m_header.bpp != 12) return false;
+ if (m_header.mode == ImageModeRGB16 && m_header.bpp != 16) return false;
+ if (m_header.mode == ImageModeRGB48 && m_header.bpp != 48) return false;
+ if (m_header.mode == ImageModeLabColor && m_header.bpp != 24) return false;
+ if (m_header.mode == ImageModeLab48 && m_header.bpp != 48) return false;
+ if (m_header.mode == ImageModeCMYKColor && m_header.bpp != 32) return false;
+ if (m_header.mode == ImageModeCMYK64 && m_header.bpp != 64) return false;
// set number of channels
if (!m_header.channels) {
@@ -300,8 +301,7 @@
m_header.channels = 4;
break;
default:
- ASSERT(false);
- m_header.channels = 3;
+ return false;
}
}
@@ -311,6 +311,8 @@
if (!m_header.usedBitsPerChannel || m_header.usedBitsPerChannel > bpc) {
m_header.usedBitsPerChannel = bpc;
}
+
+ return true;
}
//////////////////////////////////////////////////////////////////////
--- libpgf-6.14.12.orig/src/Decoder.cpp
+++ libpgf-6.14.12/src/Decoder.cpp
@@ -158,7 +158,7 @@
if (size > 0) {
// read post-header
if (header.mode == ImageModeIndexedColor) {
- ASSERT((size_t)size >= ColorTableSize);
+ if (size < ColorTableSize) ReturnWithError(FormatCannotRead);
// read color table
count = expected = ColorTableSize;
m_stream->Read(&count, postHeader.clut);