graphics/gimp1-base/patches/patch-ab


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33

$NetBSD: patch-ab,v 1.1 2008/03/23 14:27:51 tonnerre Exp $

Fix Sun RAS buffer overflow (CVE-2007-2356).

--- plug-ins/common/sunras.c.orig	2003-01-15 03:04:01.000000000 +0100
+++ plug-ins/common/sunras.c
@@ -101,7 +101,7 @@ static gint   save_image (gchar   *filen
                           gint32   image_ID,
                           gint32   drawable_ID);
 
-static void set_color_table (gint32, L_SUNFILEHEADER *, unsigned char *);
+static void set_color_table (gint32, L_SUNFILEHEADER *, const guchar *);
 
 static gint32 create_new_image (char *filename, guint width, guint height,
 				GimpImageBaseType type, gint32 *layer_ID, GimpDrawable **drawable,
@@ -872,7 +872,7 @@ write_sun_cols (FILE            *ofp,
 static void
 set_color_table (gint32           image_ID,
 		 L_SUNFILEHEADER *sunhdr,
-		 guchar          *suncolmap)
+		 const guchar    *suncolmap)
 {
   int ncols, j;
   guchar ColorMap[256*3];
@@ -880,7 +880,7 @@ set_color_table (gint32           image_
   ncols = sunhdr->l_ras_maplength / 3;
   if (ncols <= 0) return;
 
-  for (j = 0; j < ncols; j++)
+  for (j = 0; j < MIN(ncols, 256); j++)
     {
       ColorMap[j*3]   = suncolmap[j];
       ColorMap[j*3+1] = suncolmap[j+ncols];