Change-Id: I3e8c7b7f008abed22dfd0ca31c75b525e7238e3e
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/c/photon/+/22305
Tested-by: gerrit-photon <[email protected]>
Reviewed-by: Shreenidhi Shedi <[email protected]>
Showing 2 changed files with 60 additions and 1 deletion.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,55 @@ | ||
From bdd3acbd48a575d418ba6bf1b32d7bda2fae1c81 Mon Sep 17 00:00:00 2001 | ||
From: Robert Ancell <[email protected]> | ||
Date: Mon, 30 Nov 2020 12:26:12 +1300 | ||
Subject: [PATCH] gif: Fix LZW decoder accepting invalid LZW code. | ||
|
||
[ KN - Test file hang_114.gif from the patch has been dropped as we do not | ||
execute the tests for gdk-pixbuf. | ||
upstream patch https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/bdd3acbd48a575d418ba6bf1b32d7bda2fae1c81 | ||
] | ||
|
||
The code value after a reset wasn't being validated, which means we would | ||
accept invalid codes. This could cause an infinite loop in the decoder. | ||
|
||
Fixes CVE-2020-29385 | ||
|
||
Fixes https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/164 | ||
Signed-off-by: Kuntal Nayak <[email protected]> | ||
--- | ||
gdk-pixbuf/lzw.c | 13 +++++++------ | ||
1 file changed, 7 insertions(+), 6 deletions(-) | ||
|
||
diff --git a/gdk-pixbuf/lzw.c b/gdk-pixbuf/lzw.c | ||
index 9e052a6..105daf2 100644 | ||
--- a/gdk-pixbuf/lzw.c | ||
+++ b/gdk-pixbuf/lzw.c | ||
@@ -195,19 +195,20 @@ lzw_decoder_feed (LZWDecoder *self, | ||
if (self->last_code != self->clear_code && self->code_table_size < MAX_CODES) { | ||
if (self->code < self->code_table_size) | ||
add_code (self, self->code); | ||
- else if (self->code == self->code_table_size) | ||
+ else | ||
add_code (self, self->last_code); | ||
- else { | ||
- /* Invalid code received - just stop here */ | ||
- self->last_code = self->eoi_code; | ||
- return output_length; | ||
- } | ||
|
||
/* When table is full increase code size */ | ||
if (self->code_table_size == (1 << self->code_size) && self->code_size < LZW_CODE_MAX) | ||
self->code_size++; | ||
} | ||
|
||
+ /* Invalid code received - just stop here */ | ||
+ if (self->code >= self->code_table_size) { | ||
+ self->last_code = self->eoi_code; | ||
+ return output_length; | ||
+ } | ||
+ | ||
/* Convert codeword into indexes */ | ||
n_written += write_indexes (self, output + n_written, output_length - n_written); | ||
} | ||
-- | ||
2.39.0 | ||
|
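Review bot: in the embedded lzw.c hunk, the new bare `else` calls `add_code (self, self->last_code)` for every code that is not below `code_table_size`, so a code larger than `code_table_size` now adds a table entry before the relocated `self->code >= self->code_table_size` check stops decoding. That check only lets the `code == code_table_size` case through if `add_code` has already grown `code_table_size`, which is not visible in this hunk; a short comment above the check stating that dependency would make the ordering safe against later edits. Separately, the bracketed KN note says hang_114.gif was dropped because the gdk-pixbuf tests are not executed, which leaves this package with no regression coverage for the hang; consider recording in the patch header how the fix was verified.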
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,7 +1,7 @@ | ||
Summary: toolkit for image loading and pixel buffer manipulation. | ||
Name: gdk-pixbuf | ||
Version: 2.42.0 | ||
Release: 6%{?dist} | ||
Release: 7%{?dist} | ||
License: LGPLv2+ | ||
URL: http://www.gt.org | ||
Group: System Environment/Libraries | ||
|
@@ -10,7 +10,9 @@ Distribution: Photon | |
|
||
Source0: http://ftp.gnome.org/pub/gnome/sources/%{name}/2.42/%{name}-%{version}.tar.xz | ||
%define sha512 %{name}=c9962d42e5bf13514091234342e259be1e06b2c4dea2936e16104a3b58f0b6837f070224c04be9541d75f5ea34d1da398f178a1eed1f9059f6429faf5c223e34 | ||
|
||
Patch0: gdk-pixbuf-CVE-2021-46829.patch | ||
Patch1: CVE-2020-29385.patch | ||
|
||
BuildRequires: meson | ||
BuildRequires: cmake | ||
|
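Review bot: the `Patch1: CVE-2020-29385.patch` line declares the patch, but no hunk in this spec change touches %prep, so whether it is actually applied depends on lines not shown here; confirm that %prep uses %autosetup (or add the matching %patch line), otherwise the package ships as Release 7 without the fix. The file name also departs from the `gdk-pixbuf-CVE-2021-46829.patch` pattern used by Patch0; naming it gdk-pixbuf-CVE-2020-29385.patch would keep the sources consistent.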
@@ -81,6 +83,8 @@ rm -rf %{buildroot}/* | |
%{_libdir}/pkgconfig | ||
|
||
%changelog | ||
* Fri Nov 03 2023 Kuntal Nayak <[email protected]> 2.42.0-7 | ||
- Fix CVE-2020-29385 | ||
* Wed Jul 19 2023 Harinadh D <[email protected]> 2.42.0-6 | ||
- Fix CVE-2021-46829 | ||
* Tue Jul 04 2023 Ashwin Dayanand Kamat <[email protected]> 2.42.0-5 | ||
|