Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/media-gfx/gimp/files/gimp-2.6.12-CVE-2012-3403.patch
diff options
context:
space:
mode:
Diffstat (limited to 'media-gfx/gimp/files/gimp-2.6.12-CVE-2012-3403.patch')
-rw-r--r--media-gfx/gimp/files/gimp-2.6.12-CVE-2012-3403.patch511
1 files changed, 0 insertions, 511 deletions
diff --git a/media-gfx/gimp/files/gimp-2.6.12-CVE-2012-3403.patch b/media-gfx/gimp/files/gimp-2.6.12-CVE-2012-3403.patch
deleted file mode 100644
index f7d0b3766a60..000000000000
--- a/media-gfx/gimp/files/gimp-2.6.12-CVE-2012-3403.patch
+++ /dev/null
@@ -1,511 +0,0 @@
-From 65ac6cda675fafd57bc182175f685e5d8c1a9cc9 Mon Sep 17 00:00:00 2001
-From: Nils Philippsen <nils@redhat.com>
-Date: Mon, 20 Aug 2012 15:28:44 +0200
-Subject: [PATCH] patch: CVE-2012-3403
-
-Squashed commit of the following:
-
-commit d002e513039a9667a06d3e2ba180f9c18785cc5f
-Author: Nils Philippsen <nils@redhat.com>
-Date: Fri Jul 13 15:47:16 2012 +0200
-
- file-cel: close file on error
-
-commit ec3f1fe7586527ea7e2735b5c8548b925f622d5b
-Author: Nils Philippsen <nils@redhat.com>
-Date: Fri Jul 13 15:33:27 2012 +0200
-
- file-cel: use g_set_error() for errors instead of g_message()
- (cherry picked from commit 86f4cd39bd493c88a7a19b56d1827d8b911e07f6)
-
- Conflicts:
- plug-ins/common/file-cel.c
-
-commit 79bd89bc39195974d5cae2c2b06c829dd90c36ee
-Author: Nils Philippsen <nils@redhat.com>
-Date: Fri Jul 13 15:30:44 2012 +0200
-
- file-cel: use statically allocated palette buffer
- (cherry picked from commit 69b98191cf315bcf0f7b8878896c01600e67c124)
-
-commit 52d85468980b5947cfd3e84f9a256769158210cc
-Author: Nils Philippsen <nils@redhat.com>
-Date: Fri Jul 13 15:20:06 2012 +0200
-
- file-cel: validate header data (CVE-2012-3403)
- (cherry picked from commit b772d1b84c9272bb46ab9a21db4390e6263c9892)
-
-commit 62da97876070839097671e83eb8f5d408515396f
-Author: Nils Philippsen <nils@redhat.com>
-Date: Thu Jul 12 15:50:02 2012 +0200
-
- file-cel: check fread()/g_fopen() return values and pass on errors
- (cherry picked from commit 797db58b94c64f418c35d38b7a608d933c8cebef)
----
- plug-ins/common/file-cel.c | 283 +++++++++++++++++++++++++++++++++++++--------
- 1 file changed, 234 insertions(+), 49 deletions(-)
-
-diff --git a/plug-ins/common/file-cel.c b/plug-ins/common/file-cel.c
-index a94671c..3357561 100644
---- a/plug-ins/common/file-cel.c
-+++ b/plug-ins/common/file-cel.c
-@@ -44,8 +44,10 @@ static void run (const gchar *name,
- gint *nreturn_vals,
- GimpParam **return_vals);
-
--static gint load_palette (FILE *fp,
-- guchar palette[]);
-+static gint load_palette (const gchar *file,
-+ FILE *fp,
-+ guchar palette[],
-+ GError **error);
- static gint32 load_image (const gchar *file,
- const gchar *brief,
- GError **error);
-@@ -55,7 +57,8 @@ static gboolean save_image (const gchar *file,
- gint32 layer,
- GError **error);
- static void palette_dialog (const gchar *title);
--static gboolean need_palette (const gchar *file);
-+static gboolean need_palette (const gchar *file,
-+ GError **error);
-
-
- /* Globals... */
-@@ -150,6 +153,7 @@ run (const gchar *name,
- gint32 image;
- GimpExportReturn export = GIMP_EXPORT_CANCEL;
- GError *error = NULL;
-+ gint needs_palette = 0;
-
- run_mode = param[0].data.d_int32;
-
-@@ -187,20 +191,32 @@ run (const gchar *name,
- else if (run_mode == GIMP_RUN_INTERACTIVE)
- {
- /* Let user choose KCF palette (cancel ignores) */
-- if (need_palette (param[1].data.d_string))
-- palette_dialog (_("Load KISS Palette"));
-+ needs_palette = need_palette (param[1].data.d_string, &error);
-
-- gimp_set_data (SAVE_PROC, palette_file, data_length);
-- }
-+ if (! error)
-+ {
-+ if (needs_palette)
-+ palette_dialog (_("Load KISS Palette"));
-
-- image = load_image (param[1].data.d_string, param[2].data.d_string,
-- &error);
-+ gimp_set_data (SAVE_PROC, palette_file, data_length);
-+ }
-+ }
-
-- if (image != -1)
-+ if (! error)
- {
-- *nreturn_vals = 2;
-- values[1].type = GIMP_PDB_IMAGE;
-- values[1].data.d_image = image;
-+ image = load_image (param[1].data.d_string, param[2].data.d_string,
-+ &error);
-+
-+ if (image != -1)
-+ {
-+ *nreturn_vals = 2;
-+ values[1].type = GIMP_PDB_IMAGE;
-+ values[1].data.d_image = image;
-+ }
-+ else
-+ {
-+ status = GIMP_PDB_EXECUTION_ERROR;
-+ }
- }
- else
- {
-@@ -263,18 +279,33 @@ run (const gchar *name,
-
- /* Peek into the file to determine whether we need a palette */
- static gboolean
--need_palette (const gchar *file)
-+need_palette (const gchar *file,
-+ GError **error)
- {
- FILE *fp;
- guchar header[32];
-+ size_t n_read;
-
- fp = g_fopen (file, "rb");
-- if (!fp)
-- return FALSE;
-+ if (fp == NULL)
-+ {
-+ g_set_error (error, G_FILE_ERROR, g_file_error_from_errno (errno),
-+ _("Could not open '%s' for reading: %s"),
-+ gimp_filename_to_utf8 (file), g_strerror (errno));
-+ return FALSE;
-+ }
-+
-+ n_read = fread (header, 32, 1, fp);
-
-- fread (header, 32, 1, fp);
- fclose (fp);
-
-+ if (n_read < 1)
-+ {
-+ g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
-+ _("EOF or error while reading image header"));
-+ return FALSE;
-+ }
-+
- return (header[5] < 32);
- }
-
-@@ -286,11 +317,12 @@ load_image (const gchar *file,
- GError **error)
- {
- FILE *fp; /* Read file pointer */
-- guchar header[32]; /* File header */
-+ guchar header[32], /* File header */
-+ file_mark, /* KiSS file type */
-+ bpp; /* Bits per pixel */
- gint height, width, /* Dimensions of image */
- offx, offy, /* Layer offets */
-- colours, /* Number of colours */
-- bpp; /* Bits per pixel */
-+ colours; /* Number of colours */
-
- gint32 image, /* Image */
- layer; /* Layer */
-@@ -301,6 +333,7 @@ load_image (const gchar *file,
- GimpPixelRgn pixel_rgn; /* Pixel region for layer */
-
- gint i, j, k; /* Counters */
-+ size_t n_read; /* Number of items read from file */
-
-
- /* Open the file for reading */
-@@ -319,7 +352,14 @@ load_image (const gchar *file,
-
- /* Get the image dimensions and create the image... */
-
-- fread (header, 4, 1, fp);
-+ n_read = fread (header, 4, 1, fp);
-+
-+ if (n_read < 1)
-+ {
-+ g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
-+ _("EOF or error while reading image header"));
-+ return -1;
-+ }
-
- if (strncmp ((const gchar *) header, "KiSS", 4))
- {
-@@ -332,18 +372,53 @@ load_image (const gchar *file,
- }
- else
- { /* New-style image file, read full header */
-- fread (header, 28, 1, fp);
-+ n_read = fread (header, 28, 1, fp);
-+
-+ if (n_read < 1)
-+ {
-+ g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
-+ _("EOF or error while reading image header"));
-+ return -1;
-+ }
-+
-+ file_mark = header[0];
-+ if (file_mark != 0x20 && file_mark != 0x21)
-+ {
-+ g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
-+ _("is not a CEL image file"));
-+ return -1;
-+ }
-+
- bpp = header[1];
-- if (bpp == 24)
-- colours = -1;
-- else
-- colours = (1 << header[1]);
-+ switch (bpp)
-+ {
-+ case 4:
-+ case 8:
-+ case 32:
-+ colours = (1 << bpp);
-+ break;
-+ default:
-+ g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
-+ _("illegal bpp value in image: %hhu"), bpp);
-+ return -1;
-+ }
-+
- width = header[4] + (256 * header[5]);
- height = header[6] + (256 * header[7]);
- offx = header[8] + (256 * header[9]);
- offy = header[10] + (256 * header[11]);
- }
-
-+ if ((width == 0) || (height == 0) || (width + offx > GIMP_MAX_IMAGE_SIZE) ||
-+ (height + offy > GIMP_MAX_IMAGE_SIZE))
-+ {
-+ g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
-+ _("illegal image dimensions: width: %d, horizontal offset: "
-+ "%d, height: %d, vertical offset: %d"),
-+ width, offx, height, offy);
-+ return -1;
-+ }
-+
- if (bpp == 32)
- image = gimp_image_new (width + offx, height + offy, GIMP_RGB);
- else
-@@ -351,7 +426,8 @@ load_image (const gchar *file,
-
- if (image == -1)
- {
-- g_message (_("Can't create a new image"));
-+ g_set_error (error, 0, 0, _("Can't create a new image"));
-+ fclose (fp);
- return -1;
- }
-
-@@ -383,7 +459,15 @@ load_image (const gchar *file,
- switch (bpp)
- {
- case 4:
-- fread (buffer, (width+1)/2, 1, fp);
-+ n_read = fread (buffer, (width+1)/2, 1, fp);
-+
-+ if (n_read < 1)
-+ {
-+ g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
-+ _("EOF or error while reading image data"));
-+ return -1;
-+ }
-+
- for (j = 0, k = 0; j < width*2; j+= 4, ++k)
- {
- if (buffer[k] / 16 == 0)
-@@ -410,7 +494,15 @@ load_image (const gchar *file,
- break;
-
- case 8:
-- fread (buffer, width, 1, fp);
-+ n_read = fread (buffer, width, 1, fp);
-+
-+ if (n_read < 1)
-+ {
-+ g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
-+ _("EOF or error while reading image data"));
-+ return -1;
-+ }
-+
- for (j = 0, k = 0; j < width*2; j+= 2, ++k)
- {
- if (buffer[k] == 0)
-@@ -427,7 +519,15 @@ load_image (const gchar *file,
- break;
-
- case 32:
-- fread (line, width*4, 1, fp);
-+ n_read = fread (line, width*4, 1, fp);
-+
-+ if (n_read < 1)
-+ {
-+ g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
-+ _("EOF or error while reading image data"));
-+ return -1;
-+ }
-+
- /* The CEL file order is BGR so we need to swap B and R
- * to get the Gimp RGB order.
- */
-@@ -440,7 +540,8 @@ load_image (const gchar *file,
- break;
-
- default:
-- g_message (_("Unsupported bit depth (%d)!"), bpp);
-+ g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
-+ _("Unsupported bit depth (%d)!"), bpp);
- return -1;
- }
-
-@@ -457,7 +558,7 @@ load_image (const gchar *file,
- if (bpp != 32)
- {
- /* Use palette from file or otherwise default grey palette */
-- palette = g_new (guchar, colours*3);
-+ guchar palette[256*3];
-
- /* Open the file for reading if user picked one */
- if (palette_file == NULL)
-@@ -467,12 +568,23 @@ load_image (const gchar *file,
- else
- {
- fp = g_fopen (palette_file, "r");
-+
-+ if (fp == NULL)
-+ {
-+ g_set_error (error, G_FILE_ERROR, g_file_error_from_errno (errno),
-+ _("Could not open '%s' for reading: %s"),
-+ gimp_filename_to_utf8 (palette_file),
-+ g_strerror (errno));
-+ return -1;
-+ }
- }
-
- if (fp != NULL)
- {
-- colours = load_palette (fp, palette);
-+ colours = load_palette (palette_file, fp, palette, error);
- fclose (fp);
-+ if (colours < 0 || *error)
-+ return -1;
- }
- else
- {
-@@ -483,10 +595,6 @@ load_image (const gchar *file,
- }
-
- gimp_image_set_colormap (image, palette + 3, colours - 1);
--
-- /* Close palette file, give back allocated memory */
--
-- g_free (palette);
- }
-
- /* Now get everything redrawn and hand back the finished image */
-@@ -498,32 +606,100 @@ load_image (const gchar *file,
- }
-
- static gint
--load_palette (FILE *fp,
-- guchar palette[])
-+load_palette (const gchar *file,
-+ FILE *fp,
-+ guchar palette[],
-+ GError **error)
- {
- guchar header[32]; /* File header */
- guchar buffer[2];
-- int i, bpp, colours= 0;
-+ guchar file_mark, bpp;
-+ gint i, colours = 0;
-+ size_t n_read;
-+
-+ n_read = fread (header, 4, 1, fp);
-+
-+ if (n_read < 1)
-+ {
-+ g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
-+ _("'%s': EOF or error while reading palette header"),
-+ gimp_filename_to_utf8 (file));
-+ return -1;
-+ }
-
-- fread (header, 4, 1, fp);
- if (!strncmp ((const gchar *) header, "KiSS", 4))
- {
-- fread (header+4, 28, 1, fp);
-+ n_read = fread (header+4, 28, 1, fp);
-+
-+ if (n_read < 1)
-+ {
-+ g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
-+ _("'%s': EOF or error while reading palette header"),
-+ gimp_filename_to_utf8 (file));
-+ return -1;
-+ }
-+
-+ file_mark = header[4];
-+ if (file_mark != 0x10)
-+ {
-+ g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
-+ _("'%s': is not a KCF palette file"),
-+ gimp_filename_to_utf8 (file));
-+ return -1;
-+ }
-+
- bpp = header[5];
-+ if (bpp != 12 && bpp != 24)
-+ {
-+ g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
-+ _("'%s': illegal bpp value in palette: %hhu"),
-+ gimp_filename_to_utf8 (file), bpp);
-+ return -1;
-+ }
-+
- colours = header[8] + header[9] * 256;
-- if (bpp == 12)
-+ if (colours != 16 && colours != 256)
-+ {
-+ g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
-+ _("'%s': illegal number of colors: %u"),
-+ gimp_filename_to_utf8 (file), colours);
-+ return -1;
-+ }
-+
-+ switch (bpp)
- {
-+ case 12:
- for (i = 0; i < colours; ++i)
- {
-- fread (buffer, 1, 2, fp);
-+ n_read = fread (buffer, 1, 2, fp);
-+
-+ if (n_read < 2)
-+ {
-+ g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
-+ _("'%s': EOF or error while reading "
-+ "palette data"),
-+ gimp_filename_to_utf8 (file));
-+ return -1;
-+ }
-+
- palette[i*3]= buffer[0] & 0xf0;
- palette[i*3+1]= (buffer[1] & 0x0f) * 16;
- palette[i*3+2]= (buffer[0] & 0x0f) * 16;
- }
-- }
-- else
-- {
-- fread (palette, colours, 3, fp);
-+ break;
-+ case 24:
-+ n_read = fread (palette, colours, 3, fp);
-+
-+ if (n_read < 3)
-+ {
-+ g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
-+ _("'%s': EOF or error while reading palette data"),
-+ gimp_filename_to_utf8 (file));
-+ return -1;
-+ }
-+ break;
-+ default:
-+ g_assert_not_reached ();
- }
- }
- else
-@@ -532,7 +708,16 @@ load_palette (FILE *fp,
- fseek (fp, 0, SEEK_SET);
- for (i= 0; i < colours; ++i)
- {
-- fread (buffer, 1, 2, fp);
-+ n_read = fread (buffer, 1, 2, fp);
-+
-+ if (n_read < 2)
-+ {
-+ g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
-+ _("'%s': EOF or error while reading palette data"),
-+ gimp_filename_to_utf8 (file));
-+ return -1;
-+ }
-+
- palette[i*3] = buffer[0] & 0xf0;
- palette[i*3+1] = (buffer[1] & 0x0f) * 16;
- palette[i*3+2] = (buffer[0] & 0x0f) * 16;
---
-1.7.11.4
-