summaryrefslogtreecommitdiff
path: root/lang/swi-prolog-lite
diff options
context:
space:
mode:
authoris <is>2013-01-24 12:03:08 +0000
committeris <is>2013-01-24 12:03:08 +0000
commit52352a740f1182ba6cb43ba9911f902afdbdda5a (patch)
tree756f400726765630939adef87becca5a995bac04 /lang/swi-prolog-lite
parent7134ad3b121637af40282d36b3f5e862eed7d17c (diff)
downloadpkgsrc-52352a740f1182ba6cb43ba9911f902afdbdda5a.tar.gz
Fix gif (lzw) decoding vulnerability (CVS-2011-2896). Patches from upstream;
passes upstream's test now.
Diffstat (limited to 'lang/swi-prolog-lite')
-rw-r--r--lang/swi-prolog-lite/distinfo3
-rw-r--r--lang/swi-prolog-lite/patches/patch-packages_xpce_src_img_gifread.c84
2 files changed, 86 insertions, 1 deletions
diff --git a/lang/swi-prolog-lite/distinfo b/lang/swi-prolog-lite/distinfo
index 3f9d88b9ddd..2913fae5ee3 100644
--- a/lang/swi-prolog-lite/distinfo
+++ b/lang/swi-prolog-lite/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.15 2012/11/07 15:30:04 joerg Exp $
+$NetBSD: distinfo,v 1.16 2013/01/24 12:03:08 is Exp $
SHA1 (swi-prolog/pl-5.11.18.tar.gz) = b929d47f2e92230e2afcaaaf25e9a34c40adc54e
RMD160 (swi-prolog/pl-5.11.18.tar.gz) = 1cbf0dab3a9cd63b3178d6a43c983b31402d7b7f
@@ -7,4 +7,5 @@ SHA1 (patch-ad) = 7b3899fe4162582efe955c67d5dc3ed42e7d1702
SHA1 (patch-ae) = 4135212b4c5faf70e01e78e45df5e1a0ccc927a6
SHA1 (patch-ar) = 2bf3648f29c6263ea2efe13b95309a1fe72b14b8
SHA1 (patch-packages_clib_sha1_brg_endian.h) = db9f50eb0d0f92e44a79048d0bb84b690945964b
+SHA1 (patch-packages_xpce_src_img_gifread.c) = 5ef16b048f8343cde92a17d9fd3c78b0c3e7c374
SHA1 (patch-src_pl-funcs.h) = 792257fcc533c835a607e6d660ed42058b7a8a95
diff --git a/lang/swi-prolog-lite/patches/patch-packages_xpce_src_img_gifread.c b/lang/swi-prolog-lite/patches/patch-packages_xpce_src_img_gifread.c
new file mode 100644
index 00000000000..57cb2bd927d
--- /dev/null
+++ b/lang/swi-prolog-lite/patches/patch-packages_xpce_src_img_gifread.c
@@ -0,0 +1,84 @@
+$NetBSD: patch-packages_xpce_src_img_gifread.c,v 1.1 2013/01/24 12:03:09 is Exp $
+
+--- gifread.c.orig 2011-03-23 18:57:54.000000000 +0000
++++ packages/xpce/src/img/gifread.c
+@@ -169,7 +169,7 @@ GIFReadFD(IOSTREAM *fd,
+ /* read colormaps */
+ if ( BitSet((UCHAR) buf[4], LOCALCOLORMAP) )
+ { if ( (rval=ReadColorMap(fd, GifScreen.BitPixel, at, ac, closure))
+- != GIF_OK )
++ != GIF_OK )
+ { setGifError("Error reading GIF colormap");
+ return rval;
+ }
+@@ -466,7 +466,7 @@ LZWReadByte(IOSTREAM * fd, int flag, int
+ firstcode = oldcode = GetCode(fd, code_size, FALSE);
+ }
+ while (firstcode == clear_code);
+- return firstcode;
++ return (firstcode&255);
+ }
+ if (sp > stack)
+ return *--sp;
+@@ -487,11 +487,11 @@ LZWReadByte(IOSTREAM * fd, int flag, int
+ max_code = clear_code + 2;
+ sp = stack;
+ firstcode = oldcode = GetCode(fd, code_size, FALSE);
+- return firstcode;
+- } else if (code == end_code)
++ return (firstcode&255);
++ } else if (code == end_code || code > max_code)
+ {
+ int count;
+- UCHAR buf[260];
++ UCHAR buf[260]; /* Block buffer */
+
+ if (ZeroDataBlock)
+ return -2;
+@@ -505,11 +505,12 @@ LZWReadByte(IOSTREAM * fd, int flag, int
+ incode = code;
+
+ if (code >= max_code)
+- {
+- *sp++ = firstcode;
++ { if ( sp < stack+sizeof(stack) ) /* stack is UCHAR */
++ *sp++ = firstcode;
++
+ code = oldcode;
+ }
+- while (code >= clear_code)
++ while (code >= clear_code && sp < stack+sizeof(stack))
+ {
+ *sp++ = vals[code];
+ if (code == (int) next[code])
+@@ -520,7 +521,8 @@ LZWReadByte(IOSTREAM * fd, int flag, int
+ code = next[code];
+ }
+
+- *sp++ = firstcode = vals[code];
++ if ( sp < stack+sizeof(stack) )
++ *sp++ = firstcode = vals[code];
+
+ if ((code = max_code) < (1 << MAX_LZW_BITS))
+ {
+@@ -537,9 +539,9 @@ LZWReadByte(IOSTREAM * fd, int flag, int
+ oldcode = incode;
+
+ if (sp > stack)
+- return *--sp;
++ return ((*--sp) & 255);
+ }
+- return code;
++ return (code&255);
+ }
+
+
+@@ -554,7 +556,7 @@ ReadImage(IOSTREAM *fd,
+ int xpos = 0, ypos = 0, pass = 0;
+ long curidx;
+
+- if (!ReadOK(fd, &c, 1))
++ if ( !ReadOK(fd, &c, 1) || c > MAX_LZW_BITS )
+ { return GIF_INVALID;
+ }
+ if (LZWReadByte(fd, TRUE, c) < 0)