blob: 291f53b457eb62684128451b2fff3f2025faab67 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
|
$NetBSD: patch-ag,v 1.1 2008/04/01 15:51:25 tonnerre Exp $
Fix buffer overflow vulnerability derived from old code (CVE-2006-4484).
--- pTk/mTk/generic/tkImgGIF.c.orig 2004-02-29 11:20:28.000000000 +0100
+++ pTk/mTk/generic/tkImgGIF.c
@@ -826,7 +826,7 @@ ReadImage(interp, imagePtr, chan, len, r
/*
* Initialize the decoder
*/
- if (! ReadOK(chan, &initialCodeSize, 1)) {
+ if (! ReadOK(chan, &initialCodeSize, 1) || initialCodeSize > MAX_LWZ_BITS) {
Tcl_AppendResult(interp, "error reading GIF image: ",
Tcl_PosixError(interp), (char *) NULL);
return TCL_ERROR;
|