author | is <is> | 2013-01-24 12:03:08 +0000 |
---|---|---|
committer | is <is> | 2013-01-24 12:03:08 +0000 |
commit | 52352a740f1182ba6cb43ba9911f902afdbdda5a (patch) | |
tree | 756f400726765630939adef87becca5a995bac04 /lang/swi-prolog-lite | |
parent | 7134ad3b121637af40282d36b3f5e862eed7d17c (diff) | |
download | pkgsrc-52352a740f1182ba6cb43ba9911f902afdbdda5a.tar.gz |
Fix gif (lzw) decoding vulnerability (CVE-2011-2896). Patches from upstream;
passes upstream's test now.
Diffstat (limited to 'lang/swi-prolog-lite')
-rw-r--r-- | lang/swi-prolog-lite/distinfo | 3 | ||||
-rw-r--r-- | lang/swi-prolog-lite/patches/patch-packages_xpce_src_img_gifread.c | 84 |
2 files changed, 86 insertions, 1 deletions
diff --git a/lang/swi-prolog-lite/distinfo b/lang/swi-prolog-lite/distinfo
index 3f9d88b9ddd..2913fae5ee3 100644
--- a/lang/swi-prolog-lite/distinfo
+++ b/lang/swi-prolog-lite/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.15 2012/11/07 15:30:04 joerg Exp $
+$NetBSD: distinfo,v 1.16 2013/01/24 12:03:08 is Exp $

 SHA1 (swi-prolog/pl-5.11.18.tar.gz) = b929d47f2e92230e2afcaaaf25e9a34c40adc54e
 RMD160 (swi-prolog/pl-5.11.18.tar.gz) = 1cbf0dab3a9cd63b3178d6a43c983b31402d7b7f
@@ -7,4 +7,5 @@ SHA1 (patch-ad) = 7b3899fe4162582efe955c67d5dc3ed42e7d1702
 SHA1 (patch-ae) = 4135212b4c5faf70e01e78e45df5e1a0ccc927a6
 SHA1 (patch-ar) = 2bf3648f29c6263ea2efe13b95309a1fe72b14b8
 SHA1 (patch-packages_clib_sha1_brg_endian.h) = db9f50eb0d0f92e44a79048d0bb84b690945964b
+SHA1 (patch-packages_xpce_src_img_gifread.c) = 5ef16b048f8343cde92a17d9fd3c78b0c3e7c374
 SHA1 (patch-src_pl-funcs.h) = 792257fcc533c835a607e6d660ed42058b7a8a95
diff --git a/lang/swi-prolog-lite/patches/patch-packages_xpce_src_img_gifread.c b/lang/swi-prolog-lite/patches/patch-packages_xpce_src_img_gifread.c
new file mode 100644
index 00000000000..57cb2bd927d
--- /dev/null
+++ b/lang/swi-prolog-lite/patches/patch-packages_xpce_src_img_gifread.c
@@ -0,0 +1,84 @@
+$NetBSD: patch-packages_xpce_src_img_gifread.c,v 1.1 2013/01/24 12:03:09 is Exp $
+
+--- gifread.c.orig 2011-03-23 18:57:54.000000000 +0000
++++ packages/xpce/src/img/gifread.c
+@@ -169,7 +169,7 @@ GIFReadFD(IOSTREAM *fd,
+ /* read colormaps */
+ if ( BitSet((UCHAR) buf[4], LOCALCOLORMAP) )
+ { if ( (rval=ReadColorMap(fd, GifScreen.BitPixel, at, ac, closure))
+- != GIF_OK )
++ != GIF_OK )
+ { setGifError("Error reading GIF colormap");
+ return rval;
+ }
+@@ -466,7 +466,7 @@ LZWReadByte(IOSTREAM * fd, int flag, int
+ firstcode = oldcode = GetCode(fd, code_size, FALSE);
+ }
+ while (firstcode == clear_code);
+- return firstcode;
++ return (firstcode&255);
+ }
+ if (sp > stack)
+ return *--sp;
+@@ -487,11 +487,11 @@ LZWReadByte(IOSTREAM * fd, int flag, int
+ max_code = clear_code + 2;
+ sp = stack;
+ firstcode = oldcode = GetCode(fd, code_size, FALSE);
+- return firstcode;
+- } else if (code == end_code)
++ return (firstcode&255);
++ } else if (code == end_code || code > max_code)
+ {
+ int count;
+- UCHAR buf[260];
++ UCHAR buf[260]; /* Block buffer */
+
+ if (ZeroDataBlock)
+ return -2;
+@@ -505,11 +505,12 @@ LZWReadByte(IOSTREAM * fd, int flag, int
+ incode = code;
+
+ if (code >= max_code)
+- {
+- *sp++ = firstcode;
++ { if ( sp < stack+sizeof(stack) ) /* stack is UCHAR */
++ *sp++ = firstcode;
++
+ code = oldcode;
+ }
+- while (code >= clear_code)
++ while (code >= clear_code && sp < stack+sizeof(stack))
+ {
+ *sp++ = vals[code];
+ if (code == (int) next[code])
+@@ -520,7 +521,8 @@ LZWReadByte(IOSTREAM * fd, int flag, int
+ code = next[code];
+ }
+
+- *sp++ = firstcode = vals[code];
++ if ( sp < stack+sizeof(stack) )
++ *sp++ = firstcode = vals[code];
+
+ if ((code = max_code) < (1 << MAX_LZW_BITS))
+ {
+@@ -537,9 +539,9 @@ LZWReadByte(IOSTREAM * fd, int flag, int
+ oldcode = incode;
+
+ if (sp > stack)
+- return *--sp;
++ return ((*--sp) & 255);
+ }
+- return code;
++ return (code&255);
+ }
+
+
+@@ -554,7 +556,7 @@ ReadImage(IOSTREAM *fd,
+ int xpos = 0, ypos = 0, pass = 0;
+ long curidx;
+
+- if (!ReadOK(fd, &c, 1))
++ if ( !ReadOK(fd, &c, 1) || c > MAX_LZW_BITS )
+ { return GIF_INVALID;
+ }
+ if (LZWReadByte(fd, TRUE, c) < 0) |
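Review bot: The first code read after a clear, `firstcode = oldcode = GetCode(fd, code_size, FALSE);` at both patched sites in LZWReadByte, is only masked on return: `oldcode` keeps the raw value and is later followed through `code = oldcode` into `vals[code]`/`next[code]` without ever passing the new `code > max_code` test. The table declarations are outside the hunks, so it should be confirmed that the widest code ReadImage now admits (`c` up to MAX_LZW_BITS) cannot index past them; a matching guard such as `if ( firstcode > max_code ) return -2;` before each of those returns would close the gap, assuming -2 is the same end/error result the `ZeroDataBlock` path uses. Separately, `stack+sizeof(stack)` is an element bound only while stack stays UCHAR, as the added comment concedes; `stack + sizeof(stack)/sizeof(stack[0])` holds for any element type. LZWReadByte and ReadImage both start and end outside these hunks.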