Diffstat (limited to 'media-gfx/gimp/files/gimp-2.6.12-CVE-2012-3236.patch')
-rw-r--r--media-gfx/gimp/files/gimp-2.6.12-CVE-2012-3236.patch39
1 files changed, 39 insertions, 0 deletions
diff --git a/media-gfx/gimp/files/gimp-2.6.12-CVE-2012-3236.patch b/media-gfx/gimp/files/gimp-2.6.12-CVE-2012-3236.patch
new file mode 100644
index 000000000000..e4d3a9f96fb4
--- /dev/null
+++ b/media-gfx/gimp/files/gimp-2.6.12-CVE-2012-3236.patch
@@ -0,0 +1,39 @@
+From ace45631595e8781a1420842582d67160097163c Mon Sep 17 00:00:00 2001
+From: Michael Natterer <mitch@gimp.org>
+Date: Wed, 06 Jun 2012 19:21:10 +0000
+Subject: Bug 676804 - file handling DoS for fit file format
+
+Apply patch from joe@reactionis.co.uk which fixes a buffer overflow on
+broken/malicious fits files.
+---
+(limited to 'plug-ins/file-fits/fits-io.c')
+
+diff --git a/plug-ins/file-fits/fits-io.c b/plug-ins/file-fits/fits-io.c
+index 03d9652..ed77318 100644
+--- a/plug-ins/file-fits/fits-io.c
++++ b/plug-ins/file-fits/fits-io.c
+@@ -1054,10 +1054,18 @@ static FITS_HDU_LIST *fits_decode_header (FITS_RECORD_LIST *hdr,
+ hdulist->used.simple = (strncmp (hdr->data, "SIMPLE ", 8) == 0);
+ hdulist->used.xtension = (strncmp (hdr->data, "XTENSION", 8) == 0);
+ if (hdulist->used.xtension)
+- {
+- fdat = fits_decode_card (fits_search_card (hdr, "XTENSION"), typ_fstring);
+- strcpy (hdulist->xtension, fdat->fstring);
+- }
++ {
++ fdat = fits_decode_card (fits_search_card (hdr, "XTENSION"), typ_fstring);
++ if (fdat != NULL)
++ {
++ strcpy (hdulist->xtension, fdat->fstring);
++ }
++ else
++ {
++ strcpy (errmsg, "No valid XTENSION header found.");
++ goto err_return;
++ }
++ }
+
+ FITS_DECODE_CARD (hdr, "NAXIS", fdat, typ_flong);
+ hdulist->naxis = fdat->flong;
+--
+cgit v0.9.0.2
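Review bot: The `strcpy (hdulist->xtension, fdat->fstring);` kept inside the new `if (fdat != NULL)` branch is still an unbounded copy. The added check only covers `fits_decode_card` returning NULL, so although the embedded commit message says "buffer overflow", the visible change is a NULL-dereference guard. The declarations of `xtension` and `fstring` are outside the hunk; if `xtension` is a fixed-size array, a bounded copy such as `snprintf (hdulist->xtension, sizeof (hdulist->xtension), "%s", fdat->fstring);` would stop the copy depending on the two sizes happening to match. The same applies to the constant-string `strcpy` into `errmsg`, whose size is also not shown. `fits_decode_header` starts and ends outside the hunk, so the `err_return` cleanup path cannot be checked from here.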