blob: dbe4f7f6804ee27e3ef3beee7e21b9b4fbbcae5d (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
|
$NetBSD: patch-cb,v 1.2 2011/01/31 10:22:26 wiz Exp $
fix some insufficient validation of graphics files, patches from Ubuntu
(CVE-2006-4806, CVE-2006-4807, CVE-2006-4808, CVE-2006-4809)
--- src/modules/loaders/loader_jpeg.c.orig 2006-09-05 02:37:07.000000000 +0200
+++ src/modules/loaders/loader_jpeg.c
@@ -95,6 +95,13 @@ load(ImlibImage * im, ImlibProgressFunct
UNSET_FLAG(im->flags, F_HAS_ALPHA);
im->format = strdup("jpeg");
}
+ if (w < 1 || h < 1 || w > 16383 || h > 16383)
+ {
+ im->w = im->h = 0;
+ jpeg_destroy_decompress(&cinfo);
+ fclose(f);
+ return 0;
+ }
if (((!im->data) && (im->loader)) || (immediate_load) || (progress))
{
DATA8 *ptr, *line[16], *data;
|