diff options
author | marcus <marcus@FreeBSD.org> | 2004-09-17 02:09:28 +0000 |
---|---|---|
committer | marcus <marcus@FreeBSD.org> | 2004-09-17 02:09:28 +0000 |
commit | 7beb116c2c7e2d82057f74bfbe314d9855395cfe (patch) | |
tree | 9762571131b9c3c0526b0774d6c6a77b73d0f1b4 /x11-toolkits/gtk20 | |
parent | bd47a3bb3a226a7d7326516359fa8d3fbacd4f0d (diff) | |
download | FreeBSD-ports-7beb116c2c7e2d82057f74bfbe314d9855395cfe.zip FreeBSD-ports-7beb116c2c7e2d82057f74bfbe314d9855395cfe.tar.gz |
Fix recent XPM buffer overflows as described at
http://www.vuxml.org/freebsd/3d1e9267-073f-11d9-b45d-000c41e2cdad.html.
Obtained from: GTK+ CVS
Approved by: portmgr (implicit)
Diffstat (limited to 'x11-toolkits/gtk20')
-rw-r--r-- | x11-toolkits/gtk20/Makefile | 1 | ||||
-rw-r--r-- | x11-toolkits/gtk20/files/patch-pixbuf-security | 100 |
2 files changed, 101 insertions, 0 deletions
diff --git a/x11-toolkits/gtk20/Makefile b/x11-toolkits/gtk20/Makefile index e7c7699..4e3133d 100644 --- a/x11-toolkits/gtk20/Makefile +++ b/x11-toolkits/gtk20/Makefile @@ -7,6 +7,7 @@ PORTNAME= gtk PORTVERSION= 2.4.9 +PORTREVISION= 1 CATEGORIES= x11-toolkits MASTER_SITES= ${MASTER_SITE_GNOME:S,%SUBDIR%,sources/gtk+/2.4,} \ ftp://ftp.gtk.org/pub/gtk/v2.3/ \ diff --git a/x11-toolkits/gtk20/files/patch-pixbuf-security b/x11-toolkits/gtk20/files/patch-pixbuf-security new file mode 100644 index 0000000..6ad822a --- /dev/null +++ b/x11-toolkits/gtk20/files/patch-pixbuf-security @@ -0,0 +1,100 @@ +=================================================================== +RCS file: /cvs/gnome/gtk+/gdk-pixbuf/io-ico.c,v +retrieving revision 1.34 +retrieving revision 1.34.2.1 +diff -u -r1.34 -r1.34.2.1 +--- gdk-pixbuf/io-ico.c 2004/01/07 00:26:58 1.34 ++++ gdk-pixbuf/io-ico.c 2004/09/15 14:32:13 1.34.2.1 +@@ -323,6 +323,14 @@ + + State->HeaderSize+=I; + ++ if (State->HeaderSize < 0) { ++ g_set_error (error, ++ GDK_PIXBUF_ERROR, ++ GDK_PIXBUF_ERROR_CORRUPT_IMAGE, ++ _("Invalid header in icon")); ++ return; ++ } ++ + if (State->HeaderSize>State->BytesInHeaderBuf) { + guchar *tmp=g_try_realloc(State->HeaderBuf,State->HeaderSize); + if (!tmp) { +=================================================================== +RCS file: /cvs/gnome/gtk+/gdk-pixbuf/io-xpm.c,v +retrieving revision 1.42 +retrieving revision 1.42.2.1 +diff -u -r1.42 -r1.42.2.1 +--- gdk-pixbuf/io-xpm.c 2003/03/08 20:48:58 1.42 ++++ gdk-pixbuf/io-xpm.c 2004/09/15 14:32:13 1.42.2.1 +@@ -1079,7 +1079,7 @@ + gint key = 0; + gint current_key = 1; + gint space = 128; +- gchar word[128], color[128], current_color[128]; ++ gchar word[129], color[129], current_color[129]; + gchar *r; + + word[0] = '\0'; +@@ -1121,8 +1121,8 @@ + return NULL; + /* accumulate color name */ + if (color[0] != '\0') { +- strcat (color, " "); +- space--; ++ strncat (color, " ", space); ++ space -= MIN (space, 1); + } + strncat (color, word, space); + space -= MIN (space, strlen (word)); +@@ -1246,27 +1246,43 @@ + return NULL; + + } +- if (n_col <= 0) { ++ if (cpp <= 0 || cpp >= 32) { + g_set_error (error, + GDK_PIXBUF_ERROR, + GDK_PIXBUF_ERROR_CORRUPT_IMAGE, +- _("XPM file has invalid number of colors")); ++ _("XPM has invalid number of chars per pixel")); + return NULL; +- + } +- if (cpp <= 0 || cpp >= 32) { ++ if (n_col <= 0 || n_col >= G_MAXINT / (cpp + 1)) { + g_set_error (error, + GDK_PIXBUF_ERROR, + GDK_PIXBUF_ERROR_CORRUPT_IMAGE, +- _("XPM has invalid number of chars per pixel")); ++ _("XPM file has invalid number of colors")); + return NULL; + } + + /* The hash is used for fast lookups of color from chars */ + color_hash = g_hash_table_new (g_str_hash, g_str_equal); + +- name_buf = g_new (gchar, n_col * (cpp + 1)); +- colors = g_new (XPMColor, n_col); ++ name_buf = g_try_malloc (n_col * (cpp + 1)); ++ if (!name_buf) { ++ g_set_error (error, ++ GDK_PIXBUF_ERROR, ++ GDK_PIXBUF_ERROR_INSUFFICIENT_MEMORY, ++ _("Cannot allocate memory for loading XPM image")); ++ g_hash_table_destroy (color_hash); ++ return NULL; ++ } ++ colors = (XPMColor *) g_try_malloc (sizeof (XPMColor) * n_col); ++ if (!colors) { ++ g_set_error (error, ++ GDK_PIXBUF_ERROR, ++ GDK_PIXBUF_ERROR_INSUFFICIENT_MEMORY, ++ _("Cannot allocate memory for loading XPM image")); ++ g_hash_table_destroy (color_hash); ++ g_free (name_buf); ++ return NULL; ++ } + + for (cnt = 0; cnt < n_col; cnt++) { + gchar *color_name; |