SOURCES: SDL_image-IMG_lbm.patch (NEW) - CVE-2008-0544 (stolen fro...

sls sls at pld-linux.org
Fri Mar 28 02:59:42 CET 2008


Author: sls                          Date: Fri Mar 28 01:59:42 2008 GMT
Module: SOURCES                       Tag: HEAD
---- Log message:
- CVE-2008-0544 (stolen from Fedora; #430693)

---- Files affected:
SOURCES:
   SDL_image-IMG_lbm.patch (NONE -> 1.1)  (NEW)

---- Diffs:

================================================================
Index: SOURCES/SDL_image-IMG_lbm.patch
diff -u /dev/null SOURCES/SDL_image-IMG_lbm.patch:1.1
--- /dev/null	Fri Mar 28 02:59:42 2008
+++ SOURCES/SDL_image-IMG_lbm.patch	Fri Mar 28 02:59:37 2008
@@ -0,0 +1,28 @@
+--- trunk/SDL_image/IMG_lbm.c	2007/07/20 04:37:11	3341
++++ trunk/SDL_image/IMG_lbm.c	2008/01/03 20:05:34	3521
+@@ -28,6 +28,7 @@
+    EHB and HAM (specific Amiga graphic chip modes) support added by Marc Le Douarain
+    (http://www.multimania.com/mavati) in December 2003.
+    Stencil and colorkey fixes by David Raulo (david.raulo AT free DOT fr) in February 2004.
++   Buffer overflow fix in RLE decompression by David Raulo in January 2008.
+ */
+ 
+ #include <stdio.h>
+@@ -328,7 +329,7 @@
+ 						count ^= 0xFF;
+ 						count += 2; /* now it */
+ 
+-						if ( !SDL_RWread( src, &color, 1, 1 ) )
++						if ( ( count > remainingbytes ) || !SDL_RWread( src, &color, 1, 1 ) )
+ 						{
+ 						   error="error reading BODY chunk";
+ 							goto done;
+@@ -339,7 +340,7 @@
+ 					{
+ 						++count;
+ 
+-						if ( !SDL_RWread( src, ptr, count, 1 ) )
++						if ( ( count > remainingbytes ) || !SDL_RWread( src, ptr, count, 1 ) )
+ 						{
+ 						   error="error reading BODY chunk";
+ 							goto done;
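Review bot: In both RLE branches of the BODY decoder (the repeat run guarded before `SDL_RWread( src, &color, 1, 1 )` and the literal run guarded before `SDL_RWread( src, ptr, count, 1 )`), the new `count > remainingbytes` test falls through to the existing "error reading BODY chunk" message, so a run length that would overflow the destination is reported the same way as a short read. Suggest a separate branch with its own message for the bounds failure, so a malformed file can be told apart from truncated input. The guard is also only as strong as `remainingbytes`: its declaration and update are outside the quoted context, so confirm in the full IMG_lbm.c that it is reduced by `count` after each run and that its type compares safely with `count`. Separately, the added patch file has no header naming CVE-2008-0544 or where it was taken from; that is recorded only in the log message, and a comment line at the top of SDL_image-IMG_lbm.patch would keep it with the file.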
================================================================

